On 26 May 2010, at 16:30, Diego R. Lopez wrote:
>
> On 26 May 2010, at 16:17, Klaas Wierenga wrote:
>> - IdP discovery
>>
>> I don't think that in the use cases I am thinking of currently
>> (jabber, imap etc.) IdP discovery is that important. I can very
>> well live with having the client specify the IdP instead of relying
>> on a discovery url provided by the server. I wanted to be as
>> flexible as possible, but given your and others' feedback I can
>> change that. I see 2 options: introduce an "IdP hint" provided by
>> the client and fall back to one provided by the server and discuss
>> this in the security considerations or have the client always
>> provide the IdP. I guess you prefer the latter, what do others think?
>
> At least in the case of Jabber and IMAP, I guess you are close to
> the "best situation" that Scott mentioned: you can
> ask the user for a "generalized NetID" (it is an idea to avoid using
> "e-mail" in its name) and derive the IdP hint from
> it, which is a reasonable mix of both approaches, I think...
And there is another way that I forgot to mention. What about asking
the user for their OpenID? This is an excellent
IdP hint...
Be goode,
--
"This time we will not fail, Doctor Hell"
Dr Diego R. Lopez
Red.es - RedIRIS
The Spanish NREN
e-mail: [log in to unmask]
jid: [log in to unmask]
Tel: +34 955 056 621
Mobile: +34 669 898 094