[Figure: Gateways_and_Proxies.png]

We have a few use cases where we will need to deploy an IdP Proxy. The use cases mostly revolve around vendors that can only communicate with a single IdP per site, but where we have multiple IdPs that will authenticate users. The IdP Proxy is in place to make these SPs see a single IdP instead of many. We have some other use cases that have slightly different justifications for the use of the IdP Proxy, but the underlying issues from a "New Entities" standpoint are similar for all the use cases. Conceptually, the use cases break down into two categories of issues:

  1. IdP Proxy "in front of" an SP.
    a. In this case we want to register the IdP Proxy as an SP entry, even though there is(are) a distinct SP(s) being served by the IdP Proxy. In most cases, the SPs being protected will be unregistered (i.e., no metadata in InCommon).
    b. Are there issues registering such an "intermediary" SP in InCommon?
      i. I presume that in general it's okay to register the IdP Proxy as an SP, as the actual architecture of whether the SP is installed locally (on the vendor application servers) or remotely (at a "blessed" IdP Proxy) doesn't affect the overall business integration.
    c. What would be the operating expectations of an SP that stands in front of multiple external vendors?
      i. There is a risk that the IdP Proxy could use its access to data from IdPs to begin releasing data to additional SPs. (Technically any SP could do this, but by nature of being an IdP Proxy, it may make the Proxy operator less aware of the need to make the SPs visible to external IdPs.)
      ii. Do the existing POP and other requirements of registration address these concerns?
  2. IdP Proxy "in front of" multiple IdPs (that may be registered in InCommon themselves).
    a. Vendor SPs may want to connect to our IdP Proxy using InCommon metadata for their configuration. Is it possible for such an IdP Proxy to be registered in InCommon?
    b. What additional requirements would an IdP Proxy be held to?
    c. Again, because this IdP Proxy has the ability to issue assertions that appear to come from a single SP (to the IdPs), there is the risk of bypassing the proxied IdPs' release practices with an IdP Proxy in the mix.

In my use case discussions, regardless of whether the IdP Proxy gets listed in InCommon, my expectation is that we would deploy such proxies with targeted entityIDs. That is, to avoid the potential issues called out in 1.c. and 2.c., if we have two applications that need to be proxied (and we do!), we would configure the IdP Proxy in such a way that the SP entityIDs seen by the proxied IdPs are distinct and still make visible to the IdPs what specific SP/service is being accessed.
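The targeted-entityID approach argued for above, modelled as an added example that is not from this wiki page or from InCommon: a toy IdP Proxy relays requests from two vendor SPs to an upstream IdP whose attribute-release policy is keyed by SP entityID, and the model shows how a single shared entityID lets the proxy hand a vendor attributes the IdP would never release to that vendor directly (the 1.c./2.c. risk), while one distinct entityID per proxied SP keeps the IdP's release decisions intact. All entityIDs, attribute names and the user record are constructed.

```python
# Added example (not from the wiki page): a small model of an IdP Proxy relaying
# authentication from downstream vendor SPs to an upstream IdP, contrasting a
# shared proxy entityID with targeted per-SP entityIDs.
# All entityIDs, attribute names and user data below are constructed.

# Constructed upstream IdP attribute-release policy, keyed by requesting SP entityID.
IDP_RELEASE_POLICY = {
    "https://proxy.example.edu/sp/lms": {"eduPersonPrincipalName", "mail"},
    "https://proxy.example.edu/sp/library": {"eduPersonTargetedID"},
}

# Constructed user record held by the upstream IdP.
USER = {"eduPersonPrincipalName": "jdoe@example.edu", "mail": "jdoe@example.edu",
        "eduPersonTargetedID": "opaque-id-123", "employeeNumber": "000042"}

def idp_release(requesting_entity_id, user):
    """Upstream IdP: release only the attributes permitted for the requesting SP."""
    allowed = IDP_RELEASE_POLICY.get(requesting_entity_id, set())
    return {k: v for k, v in user.items() if k in allowed}

def proxy_assert(downstream_sp, entity_id_for):
    """IdP Proxy: map the downstream vendor SP to the entityID the IdP will see,
    obtain attributes from the IdP under that entityID, and pass them through."""
    upstream_id = entity_id_for(downstream_sp)
    return upstream_id, idp_release(upstream_id, USER)

# Shared entityID: every downstream SP looks like the same SP to the IdP (risk 1.c / 2.c).
def shared_entity_id(downstream_sp):
    return "https://proxy.example.edu/sp/lms"  # constructed: one ID reused for all vendors

# Targeted entityIDs: one distinct, recognisable ID per downstream SP.
TARGETED = {"https://lms.vendor.example": "https://proxy.example.edu/sp/lms",
            "https://library.vendor.example": "https://proxy.example.edu/sp/library"}

def targeted_entity_id(downstream_sp):
    return TARGETED[downstream_sp]

def over_released(downstream_sp):
    """Attributes the shared-ID proxy hands this SP that the IdP's policy would
    not release to its targeted entityID: the release practice has been bypassed."""
    _, shared = proxy_assert(downstream_sp, shared_entity_id)
    _, targeted = proxy_assert(downstream_sp, targeted_entity_id)
    return set(shared) - set(targeted)

if __name__ == "__main__":
    for sp in TARGETED:
        print(sp, "over-released via shared ID:", sorted(over_released(sp)))
```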