Anyone seen

Paul Madsen paulmadsen at
Mon Apr 19 19:52:48 UTC 2010

And to clarify Chris's reference to Liberty Alliance, Liberty's 
Discovery Service is more comparable to XRD - a service at which the RP 
can query the user's various services and locations (and in Liberty, 
obtain security tokens for those discovered endpoints a la WRAP & WS-Trust).

The Liberty DS did not track current authn sessions like XAuth. And 
neither does/did SAML's Common Domain Cookie - it was meant to be a 
history of past authn sessions (so slightly less timely info)


On 4/19/2010 3:14 PM, Nate Klingenstein wrote:
> Chris,
> Here's the final specification for one of the models you're referring 
> to, the Discovery Service.  It existed for many years prior to that as 
> the "WAYF" -- "where are you from?" service, and it's the one with 
> wide purchase in academia.
> The XAuth proposal seems also, on quick, distracted glance, to have 
> flavors of the "common domain cookie" in the original SAML specs, but 
> that failed in deployment.
> But most of the technical distinctions appear to me to be built around 
> the concept of integration with the user's session at the identity 
> provider.  That would be radically different from what we've done thus 
> far, which caches and maintains nothing more than the user's choice of 
> identity provider; not even whether they're a legitimate user there.
> It appears to place an enormous amount of power and centralization 
> into the hands of the XAuth service.  We've always wanted the DS to be 
> an independent, optional piece of infrastructure, not the central cog 
> around which everything else rotates.
> Interested to learn more, to see whether my initial reading here is off.
> Nate.
> On Apr 19, 2010, at 6:24 PM, Chris Messina wrote:
>> In fact, this model is widely used in academia and in Europe to 
>> simplify federated authentication.

Paul Madsen             
NTT DATA AgileNet                 @paulmadsen
paulmadsen at
