On 26 May 2010, at 16:17, Klaas Wierenga wrote:
> - IdP discovery
>
> I don't think that in the use cases I am thinking of currently
> (jabber, imap etc.) IdP discovery is that important. I can very well
> live with having the client specify the IdP instead of relying on a
> discovery url provided by the server. I wanted to be as flexible as
> possible, but given your and others' feedback I can change that. I
> see 2 options: introduce an "IdP hint" provided by the client and
> fall back to one provided by the server and discuss this in the
> security considerations or have the client always provide the IdP. I
> guess you prefer the latter, what do others think?
At least in the case of Jabber and IMAP, I guess you are close to the
"best situation" that Scott mentioned: you can
ask the user for a "generalized NetID" (it is an idea to avoid using
"e-mail" in its name) and derive the IdP hint from
it, which is a reasonable mix of both approaches, I think...
Be goode,
--
"Esta vez no fallaremos, Doctor Infierno"
Dr Diego R. Lopez
Red.es - RedIRIS
The Spanish NREN
e-mail: [log in to unmask]
jid: [log in to unmask]
Tel: +34 955 056 621
Mobile: +34 669 898 094