Yet Another Delegation Thread

Dick Hardt dick at sxip.com
Wed Oct 25 18:06:23 UTC 2006


On 25-Oct-06, at 10:36 AM, Josh Hoyt wrote:

> On 10/25/06, Dick Hardt <dick at sxip.com> wrote:
>> > 2) Since the RP has to do discovery on the Claimed Identifier anyway,
>> > if it discovers a mapping between the Claimed Identifier and an
>> > IdP-Specific Identifier, the RP can send the IdP-Specific Identifier
>> > to the IdP and save the IdP from having to repeat discovery.
>>
>> Unfortunately that disco information could be modified en route, so
>> the IdP can't trust it.
>
> I have said this several times already, but THE IDP DOES NOT HAVE TO
> TRUST THIS INFORMATION.

Then why send it?


