Subject Re: VO challenges - article
From Keith Hazelton <keith.hazelton@xxxxxxxx>
Date Thu, 22 Oct 2015 14:32:57 +0000

Have to say I agree with Scott’s point:  If the sole use of a campus IdP by VOs is for authentication and credential management, other solutions will drive those IdPs out of the federated VO space.

email & jabber: keith.hazelton@xxxxxxxx

On 2015-10-22, 09:17 , "Cantor, Scott" <cantor.2@xxxxxxx> wrote:

>On 10/22/15, 6:57 AM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx> wrote:
>>But isn't this a protocol issue? The SP can demand this in the request
>>cant it? (certainly in our Shib implementation we can ask for either
>>persistent or transient and both work)
>I can demand a pony, that doesn't mean I'll get one.
>My own opinion is that once you give up on using federation for authorization data, it's inevitable that authentication will follow.
>If the IdPs don't want to be in the buisiness of helping with access management for the applications using their service, then they won't have a service to worry about within a short span of time.
>-- Scott