Centralized Discovery Service - "The Discovery Service should not be called directly"

Tom Scavo trscavo at gmail.com
Wed Jul 23 16:50:08 EDT 2014

On Wed, Jul 23, 2014 at 4:22 PM, Christian Munive
<christian.munive at gmail.com> wrote:
> Oh... yeah, the EDS works pretty well. But since we're thinking of launching
> a national federation... a centralized discovery service seems quite nice to
> have. Each SP could have the option to either have an EDS. But sure... we'll
> try to be prepared to launch another similar service in case something goes
> wrong while implementing a CDS.

I'll add my two cents. If I were starting a federation from scratch, I
would completely avoid a CDS. The user interface of a CDS, almost by
definition, is going to be a jarring experience for the user, which is
why the EDS was invented in the first place. (Other SP software have
the equivalent of an EDS, btw.) See: http://discovery.refeds.org/

A centralized IdP of Last Resort (called various things around the
world) has exactly the same problem but unfortunately no one has
invented an "embedded login service" yet. Social login can fill that
gap but social login is not acceptable to some for other reasons. The
bottom line is: a centralized IdPoLR is a necessary evil until
something better comes along.


> 2014-07-23 14:41 GMT-05:00 Cantor, Scott <cantor.2 at osu.edu>:
>> On 7/23/14, 3:37 PM, "Christian Munive" <christian.munive at gmail.com>
>> wrote:
>> >
>> >As a side comment... would you recommend a WAYF solution, like the one
>> >from Switch (https://www.switch.ch/aai/support/tools/wayf.html), instead
>> >of a Shibboleth CDS?
>> You mentioned you had the EDS working. That, or any of the similar tools
>> like it, is the suggested solution.
>> -- Scott
>> --
>> To unsubscribe from this list send an email to
>> users-unsubscribe at shibboleth.net
> --
> To unsubscribe from this list send an email to
> users-unsubscribe at shibboleth.net

More information about the users mailing list