Subject: RE: [security-services] New high level SSO use cases
> Good document, but I have a question/comment. Is the user
> deciding where the source site is which (s)he needs to
> authenticate against? I assume not, since the document
> states in all scenarios "Destination site redirects the user
> to a source site". If that's the case the picture for Use
> case 1: between lines 64 and 65 should show somehow that it's
> a redirection and not self initiated call to authenticate to
> source site, same for all the other UML flows, unless I have
> not understood the flow correctly.

This is a fundamental issue with any target-first flow. That is to say, the target could implicitly know where to send the user, or there has to be a user/user agent interaction of some sort, either at the target, or at some intermediary. Shib calls this the WAYF (where are you from) function.

In Liberty there are some cookie-based, shared-domain schemes used to introduce the user's identity provider(s) to the target to facilitate the choice, but it's ultimately considered a fairly context-dependent activity, I think.

I glossed over this in the first draft of the document, but that may be too much to gloss over. I'll see if I can address that, possibly by next call or possibly not.

-- Scott