On 5/26/10 4:30 PM, Diego R. Lopez wrote:
> On 26 May 2010, at 16:17, Klaas Wierenga wrote:
>> - IdP discovery
>>
>> I don't think that in the use cases I am thinking of currently
>> (jabber, imap etc.) IdP discovery is that important. I can very well
>> live with having the client specify the IdP instead of relying on a
>> discovery url provided by the server. I wanted to be as flexible as
>> possible, but given your and others' feedback I can change that. I see
>> 2 options: introduce an "IdP hint" provided by the client and fall
>> back to one provided by the server and discuss this in the security
>> considerations or have the client always provide the IdP. I guess you
>> prefer the latter, what do others think?
>
> At least in the case of Jabber and IMAP, I guess you are close to the
> "best situation" that Scott mentioned: you can
> ask the user for a "generalized NetID" (it is an idea to avoid using
> "e-mail" in its name) and derive the IdP hint from
> it, which is a reasonable mix of both approaches, I think...
Right, so the server would have a list of realm to idp-url mappings?
Klaas
>
> Be goode,
>
> --
> "Esta vez no fallaremos, Doctor Infierno"
>
> Dr Diego R. Lopez
>
> Red.es - RedIRIS
> The Spanish NREN
>
> e-mail: [log in to unmask]
> jid: [log in to unmask]
> Tel: +34 955 056 621
> Mobile: +34 669 898 094
> -----------------------------------------