[WG-FI] Suggested change for Discovery section / SDP-SP23

Cantor, Scott

Oct 15, 2019, 12:38:26 PM
to WG...@kantarainitiative.org
I'll let people compare this to the current wording at their leisure. Besides the major change, I made a few small wording adjustments.

The obvious counter to this proposal is that it's not a cleanly testable requirement, but OTOH, it's pretty obvious if you're doing it or not, just not automatable. I don't think we should take a position on "good" or "bad" solutions.

Referencing RA21 or its successor is something we could do in italics.

I'm not pulling the IdPDisco reference because it's a bad spec, but because it's purely an implementer's document, as a means of establishing software interop between SPs and DS software, and this isn't an implementer's document.

-- Scott

Discovery

Deep linking also implies support for some form of IdP "discovery", the process by which an SP establishes which IdP to use on behalf of a subject. Use of IdP-initiated SSO is a common workaround for supporting discovery, but cannot be required when deep linking is supported, in addition to having other drawbacks.

A common means of discovery is the mapping of resource/application URL (typically virtual host, sometimes path) to a specific IdP. This is strongly discouraged, and is disallowed for collaborative applications, since it makes the sharing of URLs between users from multiple organizations at best inconvenient, and in some cases, impossible.

[SDP-SP23]

SPs that support deep linking MUST support some form of Identity Provider discovery that accommodates all, or at least the vast majority, of their user base. Support for caching mechanisms such as cookies or other persistence solutions is encouraged.


_______________________________________________
WG-FI mailing list
WG...@kantarainitiative.org
https://kantarainitiative.org/mailman/listinfo/wg-fi