
shibboleth-dev - Re: [Shib-Dev] New IETF draft for IdP Discovery ("PingPong")

Subject: Shibboleth Developers

  • From: Peter Schober <>
  • To:
  • Subject: Re: [Shib-Dev] New IETF draft for IdP Discovery ("PingPong")
  • Date: Thu, 16 Dec 2010 15:38:55 +0100
  • Organization: Vienna University Computer Center

* Lukas Hämmerle <> [2010-12-16 10:09]:
> Our colleague Simon Leinen made us aware of a new Internet draft
> (published last week) with the title: "PingPong IdP Discovery Protocol"
> http://www.ietf.org/id/draft-efazendin-pingpong-idp-discovery-00.txt

From a quick glance...

"directing the browser to perform these queries to, potentially, all
possible IdPs for a given SP"

For some reason the date on that draft is not April, 1st.
I guess that's just an oversight on the author's part?

"Each Pong response is recorded server side at the SP and indexed
using the user's browser session."

Meaning the SP needs to establish a session before authenticating the
user, i.e. no relying on Shib's session and no protecting static
content?

"Prioritization" is fun as well:

"SP SHOULD establish a prioritization mechanism to increase the
possibility that the user's IdP is found early in the PingPong IdP
Discovery Process"

And since these cookies are meant to have an expiration date in the
far future (i.e., are not session cookies), how will this work on
shared computers (where closing the browser does not destroy these
cookies, with the browsers accumulating IdP "Pong" responses for every
IdP someone successfully authenticated, at one point?)
-peter


