shibboleth-dev - [Shib-Dev] Non persistent cookies and the centralized discovery service
Subject: Shibboleth Developers
List archive
- From: "Rod Widdowson" <>
- To: <>
- Subject: [Shib-Dev] Non persistent cookies and the centralized discovery service
- Date: Mon, 24 Jan 2011 17:58:17 -0000
- Domainkey-signature: a=rsa-sha1; c=nofws; d=steadingsoftware.com; h=from:to :subject:date:message-id:mime-version:content-type: content-transfer-encoding; q=dns; s=steadingsoftware.com; b=cWoh 65n/DfLYDKjNKtzKXDEnWvmos4/GbyNOaJ72AKc/YszoBKIEkvOGzUPaAaKw7Q9l 1Bd7Ss36nxqBQrnS/1rfFWlC7H/r3lKVAMZfuOFABeLKjPMYEuuQ6Uyx+ErGx+1D qxdVIzbtDUkaZ7eS1XRZ/0EJBL3mcUFnr+tu0/c=
I'd like to provoke a brief discussion of
https://bugs.internet2.edu/jira/browse/SDSJ-92.
The basic idea is that the DS stores two cookies:
1) The traditional _saml_idp one which is used to populate the "you have
previously visited" list. This would be as per the spec
and would usually be persistent.
2) A new cookie which is non persistent, and stores a single IdP, being the
one that was selected last time through. If this is
present the DS would not show a screen at all, but just pass the request on
as appropriate. The idea is that within one session a
user will only see the DS once. My choice would be to not call this anything
like __saml_idp. I think this can also be done as a
new plugin to work in parallel with or separately from the saml_idp plugin.
My immediate instinct is that would really help the usability of centralized
DS, potentially at the cost of SP's which do
(multi-IdP) attribute aggregation (and who I'd assume would need to do their
own discovery), but I'd like to get your input...
Note that at this stage I cannot make a commitment that this work will be
done (this could be considered as new function and no new
major rev DS is currently planned), but I would like to understand the
world's feel for this.
Rod
- [Shib-Dev] Non persistent cookies and the centralized discovery service, Rod Widdowson, 01/24/2011
- RE: [Shib-Dev] Non persistent cookies and the centralized discovery service, Cantor, Scott E., 01/24/2011
- Re: [Shib-Dev] Non persistent cookies and the centralized discovery service, Chad La Joie, 01/24/2011
- RE: [Shib-Dev] Non persistent cookies and the centralized discovery service, Rod Widdowson, 01/25/2011
- RE: [Shib-Dev] Non persistent cookies and the centralized discovery service, Cantor, Scott E., 01/25/2011
- RE: [Shib-Dev] Non persistent cookies and the centralized discovery service, Rod Widdowson, 01/25/2011
- Re: [Shib-Dev] Non persistent cookies and the centralized discovery service, Chad La Joie, 01/24/2011
- RE: [Shib-Dev] Non persistent cookies and the centralized discovery service, Cantor, Scott E., 01/24/2011
Archive powered by MHonArc 2.6.16.