Monday, December 10, 2007

Look at that escargot!

Reading through SAML 2.0 Bindings, I noticed the diagram for the Enhanced Client or Proxy (ECP) Profile flow.



The call-out on the left for Step 3 states
ECP determines Identity Provider to use (methods vary, details not shown)

Well how timely. One such mechanism for choosing the Identity Provider will be an S-card within the Higgins identity selector - as selected by the user (once candidate IDPs are determined by mapping the criteria of the request against the capabilities of the different providers.)

Specifically, an S-card will represent the relationship the user has with a SAML-based IDP, just an an M-card represents the relationship with a WS-Trust based IDP.

No comments: