shibboleth-dev - idp proxy
Subject: Shibboleth Developers
List archive
- From: Peter Williams <>
- To: "" <>
- Subject: idp proxy
- Date: Thu, 11 Feb 2010 12:10:29 -0800
- Accept-language: en-US
- Acceptlanguage: en-US
|
Is there any momentum to implement in the IDP handing of the
various idp proxy behaviours? It would really help shib IDP fit into business applications
of websso if there were support - since that flow caters for the reality
of one IDP adding value to another. In our environment, we compartmentalize risks –
ensuring not too much power is vested in any one IDP. An IDP good at
authentication mechanism X may be augmented by an IDP good at failsafe session
authorization, which is supported by an IDP good at managing attributes in the attribute
query resulting from presentation of an https client cert to an SP. Ideally,
all these IDPs would be using the SAML2 defined mechanisms for coordination. |
- idp proxy, Peter Williams, 02/11/2010
- RE: [Shib-Dev] idp proxy, Scott Cantor, 02/11/2010
Archive powered by MHonArc 2.6.16.