[Concordia] A wiki page for our IdP Discovery Problem educational materials
Mikaël Ates
mikael.ates at univ-st-etienne.fr
Tue Jan 22 12:58:32 EST 2008
Hi Scott,
>> Josh, you are totally right, it would have been better if I had kept
>> the distinction between the discovery and trust path establishment issues.
>> I think that the first one can be resolved in a manner listed by Eve. A
>> piece of information (for me, a "hint") given to the SP (whatever passive or
>> active client process is used) combined with the SAML2 Metadata Publication
>> and Resolution part seems to be enough.
>>
>
> It's not, that's the reason for having a page to discuss the issues. A hint
> is not "go to this IdP". That's what the SP needs to know. Otherwise you're
> just dodging the problem and moving it someplace else which then in turn
> needs to ask the question. Hints are great, except that I think people are
> mis-representing them as a solution. They're not. They're part of other
> solutions that are themselves only partial solutions. That's why it's so
> hard.
>
I was thinking about something like determining the "well known
location" thanks to a domain name, a university name or anything else (what
I maybe abusively called a hint).
>
>> The second question is now about trust path establishment, i.e. I have
>> discovered the IdP but for the moment I do not trust it yet, i.e. I have
>> its signature but I do not trust its signature yet.
>>
>
> Not part of this issue at all.
>
You are right. I'll do another post for this.
Regards,
Mikaël
> -- Scott