SP registration APIs

Liam Hoekenga liamr at umich.edu
Wed Aug 1 15:56:00 EDT 2018

> > OIDC with no trust (only web PKIX) and self-registration is probably
> > closest to what you have right now?
> Given that Liam has asked about OIDC before, that was my first thought
> as well, FWIW.

I think OIDC's dynamic registration might be the closest match to what's
going on in Cosign, and it /is/ supported by the GEANT OIDC provider.
Running an open SAML IDP or enabling OIDC dynamic registration creates a
similar problem that we're having with Cosign - we don't have a good idea
of who's using our service or how to get in touch with them.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180801/c8327751/attachment.html>

More information about the users mailing list