[Concordia] A wiki page for our IdP Discovery Problem educational materials

Scott Cantor cantor.2 at osu.edu
Tue Jan 22 12:25:49 EST 2008


> Josh, you are totally right, it would have been better if I had kept
> the distinction between the discovery and trust path establishment issues.
> I think that the first one can be resolved in the manner listed by Eve. A piece
> of information (for me, a "hint") given to the SP (whatever passive or
> active client process is used), combined with the SAML2 Metadata Publication
> and Resolution part, seems to be enough.

It's not, that's the reason for having a page to discuss the issues. A hint
is not "go to this IdP". That's what the SP needs to know. Otherwise you're
just dodging the problem and moving it someplace else which then in turn
needs to ask the question. Hints are great, except that I think people are
misrepresenting them as a solution. They're not. They're part of other
solutions that are themselves only partial solutions. That's why it's so
hard.

> The second question is now about trust path establishment, i.e. I have
> discovered the IdP but for the moment I do not trust it yet, i.e. I have
> its signature but I do not trust its signature yet.

Not part of this issue at all.

-- Scott