Social2SAML gateway authentication assertion contents
hazelton at doit.wisc.edu
Mon Nov 21 14:01:12 GMT 2011
The MACE Social-Ident Working Group is developing recommendations for developers of Social2SAML Gateways such as SWAMI's IdPproxy, PennState's OpenID to SAML gateway, Lucas Rockwell's IdCorral Shibboleth IdP Proxy and CMU's Tartan-ConnectID.
One of the requirements for an ideal gateway is that the Relying Party needs to be told the identity of both the original social IdP and the Social2SAML gateway itself.
Where should the social IdP and the gateway identity be carried in the SAML authentication assertion? What are the alternatives and tradeoffs?
--Keith Hazelton for socialidentity at internet2.edu
More information about the users