<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 12 (filtered medium)">
<style>
<!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
tt
        {mso-style-priority:99;
        font-family:"Courier New";}
span.EmailStyle18
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page Section1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
        {page:Section1;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'><a
href="http://blog.pingidentity.com/blog/ctotalk/2008/03/31/Dynamic-SAML-Article-in-IEEE-Security-Privacy">http://blog.pingidentity.com/blog/ctotalk/2008/03/31/Dynamic-SAML-Article-in-IEEE-Security-Privacy</a><o:p></o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'><o:p> </o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'>references Nate, FYI.<o:p></o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'><o:p> </o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'>Discussion of one dynamic discovery practice in SAML2 actually available
today (that IS just as easy as OpenID, I can attest, having tried both) is at <a
href="http://blog.pingidentity.com/blog/ctotalk/2008/01/30/Trusting-Meta-Data">http://blog.pingidentity.com/blog/ctotalk/2008/01/30/Trusting-Meta-Data</a><o:p></o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'><o:p> </o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'>OpenID is arguably more simple in its metadata model, but
assumes much higher user competence. (Just how many grandmas can really edit
their blog landing page&#8217;s HTML file? My blog provider (Microsoft Spaces) edited
out my metadata tags when I tried&#8230;and doesn&#8217;t even tell the user! Their review
team apparently view any and all such OpenId1 mechanisms as an &#8220;inherently insecure&#8221;
practice for consumers to exploit, from what I can tell.)<o:p></o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'><o:p> </o:p></span></b></p>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'>But this is really irrelevant. Convergence is now happening
nicely, focused on what it is that OpenID added to the pot (metadata-driven
protocol flows).<o:p></o:p></span></b></p>
<div style='mso-element:para-border-div;border:none;border-bottom:solid windowtext 1.0pt;
padding:0in 0in 1.0pt 0in'>
<p class=MsoNormal style='border:none;padding:0in'><b><span style='font-size:
10.0pt;font-family:"Tahoma","sans-serif";color:#1F497D'><o:p> </o:p></span></b></p>
</div>
<p class=MsoNormal><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif";
color:#1F497D'><o:p> </o:p></span></b></p>
<p class=MsoNormal><tt><span style='font-size:10.0pt'>Sure, there are dynamic
extensions to SAML like those defined by Shibboleth for dynamic metadata
sharing, but out-of-the-box nothing I've been exposed to thus far quite matches
the simplicity of the OpenID model.</span></tt> <br>
<br>
<tt><span style='font-size:10.0pt'>=shane</span></tt><o:p></o:p></p>
</div>
</body>
</html>