<head>
<style>
code {
font-family: SFMono-Regular, Menlo, Consolas, "PT Mono", "Liberation Mono", Courier, monospace;
}
p {
border-radius: 0px;
}
ol.custom-editor-ordered-list-class {
padding-inline-start: 0px;
margin: 1px 0px;
padding-inline-start: 24px;
min-height: calc(1.5em + 6px);
}
ul.custom-editor-bullet-list-class {
padding-inline-start: 0px;
margin: 1px 0px;
padding-inline-start: 24px;
min-height: calc(1.5em + 6px);
}
pre.custom-editor-code-block-class {
flex-shrink: 1;
text-align: left;
font-family: SFMono-Regular, Menlo, Consolas, "PT Mono", "Liberation Mono", Courier, monospace;
font-size: 13.6px;
tab-size: 2;
padding: 34px 16px 32px 32px;
min-height: 1em;
white-space: pre;
border-radius: 4px;
text-align: left;
position: relative;
background: rgba(135,131,120,.15);
min-width: 0px;
width: 100%;
box-sizing: border-box;
}
hr.custom-editor-divider-class {
border: none;
border-top: 1px solid rgba(135,131,120,.15);
width: 100%;
}
blockquote {
border-left: 3px solid currentcolor;
padding-inline-start: 14px;
margin: 0px;
margin-top: 4px;
font-size: 1em;
padding-right: 2px;
padding-top: 3px;
padding-bottom: 3px;
padding-left: 14px;
}
blockquote.light {
border-left-color: rgba(55, 53, 47, 0.16);
}
blockquote.dark {
border-left-color: rgba(255, 255, 255, 0.13);
}
aside {
display: flex;
width: 100%;
max-width: 100%;
box-sizing: border-box;
border-radius: 4px;
background: rgba(135,131,120,.15);
padding: 16px 16px 16px 12px;
white-space: pre-wrap;
word-break: break-word;
}
.callout-emoji {
user-select: none;
display: flex;
align-items: center;
justify-content: center;
height: 24px;
width: 24px;
font-size: 21.6px;
box-sizing: border-box;
margin-top: -3px;
border-radius: 0.25em;
flex-shrink: 0;
flex-grow: 0;
}
.callout-emoji > img {
height: 18px;
width: 18px;
margin-top: auto;
margin-bottom: auto;
}
.callout-content {
margin-left: 8px;
margin-top: auto;
display: table;
width: 100%;
}
.custom-editor-task-list-class {
list-style: none;
padding: 0;
margin: 0;
}
.custom-editor-task-item-class {
display: flex;
align-items: center;
}
.custom-editor-task-item-class > label {
margin-right: 0.5rem;
cursor: pointer;
user-select: none;
display: flex;
align-items: center;
}
.custom-editor-task-item-class > label > input[type="checkbox"] {
margin-right: 0.5rem;
}
.custom-editor-task-item-checked-class > * {
text-decoration: line-through rgba(55, 53, 47, 0.42);
color: rgba(55, 53, 47, 0.65);
}
.custom-editor-rendered-mention {
opacity: 0.6;
color: unset;
}
.custom-editor-rendered-mention > a {
color: unset;
}
.custom-editor-rendered-mention-page {
font-weight: 500;
max-width: 200px;
}
.custom-editor-rendered-mention-page > a {
color: unset;
}
.custom-editor-rendered-mention-page-link {
border-bottom: 0.05em solid rgba(95, 94, 91, 1);
text-decoration: none !important;
}
pre {
flex-shrink: 1;
text-align: left;
font-family: SFMono-Regular, Menlo, Consolas, "PT Mono", "Liberation Mono", Courier, monospace;
font-size: 13.6px;
tab-size: 2;
padding: 34px 16px 32px 32px;
min-height: 1em;
white-space: pre;
border-radius: 4px;
text-align: left;
position: relative;
background: rgb(247, 246, 243);
min-width: 0px;
width: 100%;
box-sizing: border-box;
text-wrap: wrap;
}
a.custom-editor-link-class {
color: rgba(120, 119, 116, 1);
cursor: pointer;
text-decoration-thickness: 0.05em;
text-underline-offset: 3px;
}
</style>
<style>
* {
-webkit-tap-highlight-color: rgba(0, 0, 0, 0);
-webkit-font-smoothing: antialiased;
line-height: 1.3;
font-family: ui-sans-serif, -apple-system, BlinkMacSystemFont, "Segoe UI", Helvetica, "Apple Color Emoji", Arial, sans-serif, "Segoe UI Emoji", "Segoe UI Symbol";
}
p {
margin: 0px 0px 0px 0px !important;
min-height: 19.5px; /* Set a minimum height so empty p tags still take up vertical space; matches gmail empty line height */
}
</style>
</head>
<body>
<p dir="auto">Following up on this item from the last IPSIE WG meeting, I created <a target="_blank" rel="noopener noreferrer nofollow" class="custom-editor-link-class" href="https://github.com/openid/ipsie/issues/100">https://github.com/openid/ipsie/issues/100</a>.</p><p dir="auto"></p><p dir="auto">tl;dr: SAML-based federations are highly dependent upon IdP-initiated federation flows. A recent update to the Common Requirements doc (<a target="_blank" rel="noopener noreferrer nofollow" class="custom-editor-link-class" href="https://github.com/openid/ipsie/issues/94">https://github.com/openid/ipsie/issues/94</a>, <a target="_blank" rel="noopener noreferrer nofollow" class="custom-editor-link-class" href="https://deansaxe.github.io/draft-saxe-ipsie-common-requirements-profile/draft-saxe-ipsie-common-requirements-profile.html">https://deansaxe.github.io/draft-saxe-ipsie-common-requirements-profile/draft-saxe-ipsie-common-requirements-profile.html</a>) eliminates the use of IdP-initiated flows.</p><p dir="auto"></p><p dir="auto">As a WG, we need to determine how to deal with this gap. I see two choices:</p><ol class="custom-editor-ordered-list-class" dir="auto"><li dir="auto"><p dir="auto">Move the requirement for RP-initiated flows to SL2, allowing them to continue at SL1 for SAML implementations.
</p></li><li dir="auto"><p dir="auto">Keep the requirement at SL1 and figure out how to devise a mechanism for SAML that works similarly to <a target="_blank" rel="nofollow" class="custom-editor-link-class" href="https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin" style="box-sizing:border-box;background-color:rgba(0,0,0,0);color:rgb(9,105,218);text-decoration:underline"><u>https://openid.net/specs/openid-connect-core-1_0.html#ThirdPartyInitiatedLogin</u></a></p></li></ol><p dir="auto"></p><p dir="auto">I would appreciate your thoughts on this issue either via the mailing list or as comments on the issue.</p><p dir="auto"></p><p dir="auto">Thanks,</p><p dir="auto">-dhs</p><p dir="auto"></p><div class="signature"><p dir="auto">--</p><div dir="auto"><p dir="auto">Dean H. Saxe</p></div><div dir="auto"><p dir="auto"><a target="_blank" rel="noopener noreferrer nofollow" class="custom-editor-link-class" href="mailto:dean@thesax.es">dean@thesax.es</a></p></div></div>
</body>