Anyone seen xauth.org?
Nate Klingenstein
ndk at internet2.edu
Mon Apr 19 20:59:13 UTC 2010

Brings me to another major distinction that I didn't mention in my
last message to Chris. These discovery services and common cookies
were and are scoped to specific "circles of trust," or federations, or
other cohesive, and generally legally extant entities.

It seems http://xauth.org wants to be the central clearinghouse for
all social identity, much like Google's original CDS idea. I see
absolutely no provisions anywhere for support of e.g. the use of a
"third party XAuth provider". The Google CDS doc even suggests that
it will manage the whitelists.

On Apr 19, 2010, at 7:52 PM, Paul Madsen wrote:
> And to clarify Chris's reference to Liberty Alliance, Liberty's
> Discovery Service is more comparable to XRD - a service at which the
> RP can query the user's various services and locations, (and in
> Liberty, obtain security tokens for those discovered endpoints a la
> WRAP & WS-Trust)
>
> The Liberty DS did not track current authn sessions like XAuth. And
> neither does/did SAML's Common Domain Cookie - it was meant to be a
> history of past authn sessions (so slightly less timely info)