Anyone seen xauth.org?

Nate Klingenstein ndk at internet2.edu
Mon Apr 19 20:59:13 UTC 2010


Brings me to another major distinction that I didn't mention in my  
last message to Chris.  These discovery services and common cookies  
were and are scoped to specific "circles of trust," or federations, or  
other cohesive, and generally legally extant entities.

It seems http://xauth.org wants to be the central clearinghouse for  
all social identity, much like Google's original CDS idea.  I see  
absolutely no provisions anywhere for support of e.g. the use of a  
"third party XAuth provider".  The Google CDS doc even suggests that  
it will manage the whitelists.

On Apr 19, 2010, at 7:52 PM, Paul Madsen wrote:

> And to clarify Chris's reference to Liberty Alliance, Liberty's  
> Discovery Service is more comparable to XRD - a service at which the  
> RP can query the user's various services and locations, (and in  
> Liberty, obtain security tokens for those discovered endpoints a la  
> WRAP & WS-Trust)
>
> The Liberty DS did not track current authn sessions like XAuth. And  
> neither does/did SAML's Common Domain Cookie - it was meant to be a  
> history of past authn sessions (so slightly less timely info)



More information about the specs mailing list