Anyone seen xauth.org?
Paul Madsen
paulmadsen at rogers.com
Mon Apr 19 19:52:48 UTC 2010
And to clarify Chris's reference to Liberty Alliance, Liberty's
Discovery Service is more comparable to XRD - a service at which the RP
can query the user's various services and locations (and in Liberty,
obtain security tokens for those discovered endpoints a la WRAP & WS-Trust).
The Liberty DS did not track current authn sessions like XAuth. And
neither does/did SAML's Common Domain Cookie - it was meant to be a
history of past authn sessions (so slightly less timely info).
paul
On 4/19/2010 3:14 PM, Nate Klingenstein wrote:
> Chris,
>
> Here's the final specification for one of the models you're referring
> to, the Discovery Service. It existed for many years prior to that as
> the "WAYF" -- "where are you from?" service, and it's the one with
> wide purchase in academia.
>
> http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-idp-discovery.html
>
>
> The XAuth proposal seems also, on quick, distracted glance, to have
> flavors of the "common domain cookie" in the original SAML specs, but
> that failed in deployment.
>
> But most of the technical distinctions appear to me to be built around
> the concept of integration with the user's session at the identity
> provider. That would be radically different from what we've done thus
> far, which caches and maintains nothing more than the user's choice of
> identity provider; not even whether they're a legitimate user there.
>
> It appears to place an enormous amount of power and centralization
> into the hands of the XAuth service. We've always wanted the DS to be
> an independent, optional piece of infrastructure, not the central cog
> around which everything else rotates.
>
> Interested to learn more, to see whether my initial reading here is off.
> Nate.
>
> On Apr 19, 2010, at 6:24 PM, Chris Messina wrote:
>
>> In fact, this model is widely used in academia and in Europe to
>> simplify federated authentication.
>
--
Paul Madsen connectid.blogspot.com
NTT DATA AgileNet @paulmadsen
paulmadsen at nttdata.com
6138588647