Anyone seen xauth.org?
paulmadsen at rogers.com
Mon Apr 19 19:52:48 UTC 2010
And to clarify Chris's reference to Liberty Alliance, Liberty's
Discovery Service is more comparable to XRD - a service at which the RP
can query the user's various services and locations (and in Liberty,
obtain security tokens for those discovered endpoints a la WRAP & WS-Trust).
The Liberty DS did not track current authn sessions like XAuth. And
neither does/did SAML's Common Domain Cookie - it was meant to be a
history of past authn sessions (so slightly less timely info).
On 4/19/2010 3:14 PM, Nate Klingenstein wrote:
> Here's the final specification for one of the models you're referring
> to, the Discovery Service. It existed for many years prior to that as
> the "WAYF" -- "where are you from?" service, and it's the one with
> wide purchase in academia.
> The XAuth proposal seems also, on quick, distracted glance, to have
> flavors of the "common domain cookie" in the original SAML specs, but
> that failed in deployment.
> But most of the technical distinctions appear to me to be built around
> the concept of integration with the user's session at the identity
> provider. That would be radically different from what we've done thus
> far, which caches and maintains nothing more than the user's choice of
> identity provider; not even whether they're a legitimate user there.
> It appears to place an enormous amount of power and centralization
> into the hands of the XAuth service. We've always wanted the DS to be
> an independent, optional piece of infrastructure, not the central cog
> around which everything else rotates.
> Interested to learn more, to see whether my initial reading here is off.
> On Apr 19, 2010, at 6:24 PM, Chris Messina wrote:
>> In fact, this model is widely used in academia and in Europe to
>> simplify federated authentication.
Paul Madsen connectid.blogspot.com
NTT DATA AgileNet @paulmadsen
paulmadsen at nttdata.com