[OpenID] proxying google/yahoo openid onto SAML2 sites; account linking, attribute insertion
Peter Williams
home_pw at msn.com
Mon Oct 10 22:49:28 UTC 2011
In the spirit that Windows Azure ACS gateways/bridges Google to ws-fedp sites, we are probably at the point where we can take that result and further bridge it to SAML2 sites. If anyone has a good case why they want to stick with SAML2 SP, yet allow Google et al to serve as an authentication authority doing 2-factor logons etc etc, do speak up. One case we have is one that involves consulting an LDAP directory as the attribute authority as the ws-fedp<->saml2-p handoff occurs - maintaining the user's client cert, in particular. Another is that the SAML2 hop performs account linking, of n google/yahoo sourced identities to the RP's identity - thus ensuring that once a given IDP dumps a user there is no "continuity break", due to that act of pseudo-governance.