Discovery hints from IdP:s delivering orgAffiliation #171
Assignees
Labels
Comments
|
KeyWords are pretty good for this since we're talking about indexing free text, not matching "correct" names. |
|
Note that this discussion is covered extensively in the seamlessaccess working groups on discovery hinting. The issue we are facing is exactly the same one that is faced by big proxies in edugain. |
|
I think that we should add a text about this in the future "Technical Connection Requirements for Sweden Connect" document... |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A Discovery Service, or a Service Provider building its own discovery page, may want to display the different ways to login a bit differently in the case of orgAffiliation attribute release. When an eID issued to the members of an organization it may be better to actually display the different organizations to choose from that to select which IdP to use.
Example (ordinary discovery page):
This is probably the best solution in cases where the user has obtained his or her eID from the IdP, but in cases where the user obtains the eID from the organization, a better solution may be:
In order to get this working an IdP need to announce which organizations it services (has issued eID:s to).
SAML V2.0 Metadata Extensions for Login and Discovery User Interface Version 1.0 specifies a set of helpful metadata elements that may be used.
The problem is that there is no perfect match. As I see it there are two choices:
<mdui:KeyWords>elements. This needs further explainations since the keywords are just strings.<mdui:DiscoHints>. This would require a new string type to be defined since the only defined sub-elements are:IPHint,DomainHintandGeolocationHint, and none of those is suitable to store an organization name.The text was updated successfully, but these errors were encountered: