"SAML V2.0 Metadata Extensions for Login and Discovery User Interface"

Albert Lunde <atlunde@panix.com> Thu, 03 May 2012 16:00 UTC

Message-ID: <4FA2AAF2.4090407@panix.com>
Date: Thu, 03 May 2012 10:57:38 -0500
From: Albert Lunde <atlunde@panix.com>
To: ietf-http-wg@w3.org
Subject: "SAML V2.0 Metadata Extensions for Login and Discovery User Interface"
Archived-At: <http://www.w3.org/mid/4FA2AAF2.4090407@panix.com>

This looks like a solution to "how to decorate an authentication process 
with descriptive and cosmetic information". It might be possible to 
profile its use for some forms of HTTP authentication as well as the 
full-blown SAML WebSSO profiles.

(Though I would wonder about problems with putting this much XML into 
HTTP headers.)

http://www.oasis-open.org/news/announcements/saml-v2-0-metadata-extensions-for-login-and-discovery-user-interface-v1-0-publish

"We are pleased to announce the approval and publication of an OASIS 
Committee Specification (CS) by the members of the OASIS Security 
Services (SAML) TC [1]:

SAML V2.0 Metadata Extensions for Login and Discovery User Interface 
Version 1.0
Committee Specification 01
03 April 2012

Overview:

This document defines a set of extensions to SAML metadata that provide 
information necessary for user agents to present effective user 
interfaces and, in the case of identity provider discovery, recommend 
appropriate choices to the user."

"SAML V2.0 metadata [SAML2Meta] provides a mechanism for expressing 
information necessary for SAML entities to successfully communicate with 
each other. However, in most SAML profiles there is also a user agent 
involved, usually representing an actual person, that also participates 
in the profiled message exchanges. This document defines a set of 
extensions to metadata that provide information necessary for user 
agents to present effective user interfaces and, in the case of identity 
provider discovery, provide for recommendation of appropriate choices to 
the user." [...]

"There are existing, though incomplete, metadata elements that carry 
some of this information, but existing practice around their use is 
inconsistent, and defining extensions with more well-defined semantics 
is less disruptive to existing metadata deployments."

-- 
     Albert Lunde  albert-lunde@northwestern.edu
                   atlunde@panix.com  (address for personal mail)
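As an added illustration of what the quoted announcement describes (this is example code written for this archive page, not code from the OASIS specification, the SAML TC or the poster), the Python program below parses a constructed SAML metadata document whose IDPSSODescriptor carries the mdui:UIInfo and mdui:DiscoHints extension elements, picks a DisplayName in the user's language, scores the IdP against the discovery hints for a given user, and measures the metadata against an assumed single-header-field budget to make the post's "this much XML in HTTP headers" concern concrete. The entityID, URLs, names and hint values in the sample are placeholders, and the 8190-byte budget is an assumption modeled on Apache's default LimitRequestFieldSize.

```python
"""Parse SAML V2.0 metadata carrying the mdui (Login and Discovery UI) extension.

Added example; the metadata below is constructed for illustration and every
entityID, URL, name and hint value in it is a placeholder.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Core SAML metadata namespace and the mdui extension namespace.
NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdui": "urn:oasis:names:tc:SAML:metadata:ui",
}
XML_LANG = "{http://www.w3.org/XML/1998/namespace}lang"

# Constructed sample: one IdP with UIInfo (what to show) and DiscoHints (whom to recommend it to).
SAMPLE_METADATA = b"""<?xml version="1.0" encoding="UTF-8"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
                     entityID="https://idp.example.org/idp">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions>
      <mdui:UIInfo>
        <mdui:DisplayName xml:lang="en">Example University</mdui:DisplayName>
        <mdui:DisplayName xml:lang="de">Beispiel-Universit\xc3\xa4t</mdui:DisplayName>
        <mdui:Description xml:lang="en">Login for staff and students</mdui:Description>
        <mdui:Logo height="60" width="80" xml:lang="en">https://idp.example.org/logo.png</mdui:Logo>
        <mdui:InformationURL xml:lang="en">https://idp.example.org/about</mdui:InformationURL>
      </mdui:UIInfo>
      <mdui:DiscoHints>
        <mdui:DomainHint>example.org</mdui:DomainHint>
        <mdui:IPHint>192.0.2.0/24</mdui:IPHint>
      </mdui:DiscoHints>
    </md:Extensions>
    <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://idp.example.org/sso"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>
"""


def parse_uiinfo(metadata: bytes) -> dict:
    """Extract mdui:UIInfo and mdui:DiscoHints from the first IDPSSODescriptor."""
    # Federation metadata comes from a remote aggregate; in production parse it with
    # defusedxml.ElementTree so entity-expansion and external-entity tricks are rejected.
    root = ET.fromstring(metadata)
    info = {"entityID": root.get("entityID"), "display_name": {}, "description": {},
            "logos": [], "domain_hints": [], "ip_hints": []}
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return info
    ui = idp.find("md:Extensions/mdui:UIInfo", NS)
    if ui is not None:
        for el in ui.iterfind("mdui:DisplayName", NS):
            info["display_name"][el.get(XML_LANG)] = (el.text or "").strip()
        for el in ui.iterfind("mdui:Description", NS):
            info["description"][el.get(XML_LANG)] = (el.text or "").strip()
        for el in ui.iterfind("mdui:Logo", NS):
            info["logos"].append({"url": (el.text or "").strip(), "lang": el.get(XML_LANG),
                                  "height": int(el.get("height", "0")),
                                  "width": int(el.get("width", "0"))})
    hints = idp.find("md:Extensions/mdui:DiscoHints", NS)
    if hints is not None:
        info["domain_hints"] = [(el.text or "").strip() for el in hints.iterfind("mdui:DomainHint", NS)]
        info["ip_hints"] = [(el.text or "").strip() for el in hints.iterfind("mdui:IPHint", NS)]
    return info


def pick_display_name(info: dict, preferred_langs) -> str:
    """DisplayName in the first preferred language present, then 'en', then any, then entityID."""
    names = info["display_name"]
    for lang in list(preferred_langs) + ["en"]:
        if lang in names:
            return names[lang]
    return next(iter(names.values()), info["entityID"] or "")


def discovery_score(info: dict, user_email: str, client_ip: str) -> int:
    """Count DiscoHints matching the user: DomainHint vs e-mail domain, IPHint vs client address."""
    score = 0
    domain = user_email.rsplit("@", 1)[-1].lower()
    if any(domain == h.lower() or domain.endswith("." + h.lower()) for h in info["domain_hints"]):
        score += 1
    addr = ipaddress.ip_address(client_ip)
    for hint in info["ip_hints"]:
        try:
            if addr in ipaddress.ip_network(hint, strict=False):
                score += 1
                break
        except ValueError:
            continue  # malformed hint: skip it rather than fail discovery
    return score


def header_budget(metadata: bytes, limit: int = 8190) -> tuple:
    """(size, fits): metadata size against an assumed per-header-field budget.
    8190 bytes is Apache's default LimitRequestFieldSize, used here as a reference point."""
    size = len(metadata)
    return size, size <= limit


if __name__ == "__main__":
    ui = parse_uiinfo(SAMPLE_METADATA)
    print(pick_display_name(ui, ["de"]), discovery_score(ui, "alice@example.org", "192.0.2.17"))
    print(header_budget(SAMPLE_METADATA), header_budget(SAMPLE_METADATA * 10))
```

The discovery score is only a ranking hint for the user agent: the user still chooses the identity provider, and nothing in the hints is authenticated, so a high score must never be treated as proof that the IdP is the right one. The budget check shows why the poster's reservation is well founded: a single IdP's UIInfo fits comfortably in one header field, but a discovery list of even ten entries does not.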