If you know an RP that you feel may be making bad trust decisions about their partner IdPs/OPs, it's difficult to know what to do.
Should you intervene? You may worry that talking to them will be seen as 'butting in'. Will they be offended, embarrassed, litigious?
Does the RP even have a problem? The following are warning signs that an RP you know may have a federated identity gambling problem:
1) Do they constantly talk about arcane things like PAPE, or AuthnContext?
2) Do they trust unknown IdPs/OPs in the hope of 'winning back' lost customers?
3) Do they lie to family and friends about their federated identity activities?
4) Do they neglect local sign-on mechanisms in favour of federated login?
If you have a friend RP demonstrating any or all of the above signs, there is help - a site to help friends, help friend RPs.