[OpenID] openid and xpointer
Peter Williams
pwilliams at rapattoni.com
Mon Feb 4 23:47:33 UTC 2008
> So, if the OP's local process of user authentication were to
> leverage/interpret information in that delegate string, it is
> entirely entitled to do so. For example, if the op recognized that
> the value is a uri-bound saml request, the op might redirect/bridge
> to that saml website in order to complete the op's locally-defined
> auth process, before sending the value to the RP (as in openid 1)?
Yes, I don't see why this couldn't work.
Going back to last week's thread on ppids, of course the op can send back the selected ppid to the rp, to assert compliance with law4. If that saml request required the auth website to use the saml2 persistent name form and indicated an spqualified name of the rp (from rp discovery), our op's response from its local auth process might well provision that ppid value automatically - once read from the hidden saml response.
Ok I may go and code in java: may have to break down and wrap your java library in the java plugin api of my saml server. The result would be very satisfying however.