...
- The Yadis XRDS document only advertises the SREG/AX service(s) supported by the OP, not the exact list of supported attributes/claims.
- Proposal: Extension to the Yadis XRDS document.
Explicitly advertise the OP's supported attributes/claims as part of the XRDS document published by the OP?
Help needed on the best way to do it with XRDS…
InfoCard
Supported claims are advertised at the creation/import of the Information Card.
Assurance Characteristics
IDP's supported Authentication Contexts and Assurance Levels
SAML
A generic mechanism is defined in "SAML Metadata Extension for Entity Attributes", and a specific attribute is already defined in "SAML Identity Assurance Profiles".
Proposal for ACs: define a new attribute name for Authentication Context classes:
    urn:oasis:names:tc:SAML:attribute:authn-context-class
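Added example, not part of the original page or of any specification: a relying party reading the Entity Attributes extension in IdP metadata to see which assurance certifications and Authentication Context classes are advertised. The authn-context-class name is the one proposed above; the entityID, the assurance-level URI and the function names are constructed, and the metadata is assumed to have been signature-verified before parsing.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Defined in "SAML Identity Assurance Profiles".
ASSURANCE_CERTIFICATION = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
# Name proposed on this page; not a registered attribute.
AUTHN_CONTEXT_CLASS = "urn:oasis:names:tc:SAML:attribute:authn-context-class"

# Constructed sample metadata: hypothetical IdP and assurance-level URI.
SAMPLE_METADATA = f"""\
<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
    xmlns:saml="{NS['saml']}" entityID="https://idp.example.org/saml">
  <md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="{ASSURANCE_CERTIFICATION}">
      <saml:AttributeValue>https://loa.example.org/level2</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="{AUTHN_CONTEXT_CLASS}">
      <saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</saml:AttributeValue>
      <saml:AttributeValue>urn:oasis:names:tc:SAML:2.0:ac:classes:Smartcard</saml:AttributeValue>
    </saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>
</md:EntityDescriptor>"""

def entity_attributes(metadata_xml):
    """Return {attribute Name: [values]} advertised in mdattr:EntityAttributes."""
    root = ET.fromstring(metadata_xml)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("expected a single md:EntityDescriptor")
    found = {}
    # Read only the entity-level Extensions; attributes placed anywhere else
    # in the document are not treated as advertised capabilities.
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in root.findall(path, NS):
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        found.setdefault(attr.get("Name"), []).extend(values)
    return found

def idp_supports(metadata_xml, authn_class, assurance_level):
    """True only if both values are advertised; a missing attribute means no."""
    attrs = entity_attributes(metadata_xml)
    return (authn_class in attrs.get(AUTHN_CONTEXT_CLASS, [])
            and assurance_level in attrs.get(ASSURANCE_CERTIFICATION, []))

if __name__ == "__main__":
    print(entity_attributes(SAMPLE_METADATA))
```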
OpenID
Supported Authentication policies can already be advertised in the Yadis XRDS document as specified in "OpenID Provider Authentication Policy Extension 1.0" (should it also be used to advertise the supported Assurance Level?)
Can PAPE be used as well to advertise the OP's Assurance Level? (And how does it relate to the OIX Listing Service?)
InfoCard
- Authentication Contexts and Assurance Levels are just considered as claims.
- As an example, claims for Assurance Levels have been defined by ICF:
    icam-assurance-level-1
    icam-assurance-level-2
    icam-assurance-level-3
Logo/Name/Description
SAML
An OASIS working draft exists with SAML metadata extensions for capturing this information. It is protocol agnostic.
http://wiki.oasis-open.org/security/SAML2MetadataUI
OpenID
Proposal: Extension to the Yadis XRDS document
Advertise the OP's DisplayName and Logo URL as part of the XRDS document published by the OP?
Help needed on the best way to do it with XRDS…
InfoCard
N/A (either just the "InfoCard" logo or CardTile of the last used InfoCard)
...
User Agent Inputs
- Preferred/Supported/Previously Used Issuers
- Opportunity to bias or pre-populate choices based on history, user affiliations/preferences, etc.
- Accessibility Requirements
- Do pop-ups cause accessibility concerns for discovery or login?
...