Subject Re: VO challenges - article
From David Chadwick <d.w.chadwick@xxxxxxxxxx>
Date Thu, 22 Oct 2015 15:36:56 +0100

On 22/10/2015 15:17, Cantor, Scott wrote:
> On 10/22/15, 6:57 AM, "David Chadwick" <d.w.chadwick@xxxxxxxxxx>
> wrote:
>> But isn't this a protocol issue? The SP can demand this in the
>> request can't it? (certainly in our Shib implementation we can ask
>> for either persistent or transient and both work)
> I can demand a pony, that doesn't mean I'll get one.

But really we are not asking for a pony, only an ant (since PIDs are as
common as them).

> My own opinion is that once you give up on using federation for
> authorization data, it's inevitable that authentication will follow.

With the evolution of FIDO this may well be the case.
But the value of SSO with a PID is still worth a lot to end users and
SPs, at the cost of next to nothing for IdPs.

> If the IdPs don't want to be in the business of helping with access
> management for the applications using their service, then they won't
> have a service to worry about within a short span of time.

Sadly most likely to be true.


> -- Scott