Comment: Migration of unmigrated content due to installation of a new plugin

...

This document is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.

...


...

Frequently, a relying party (RP) is capable of supporting authentication of users and exchange of identity information using more than one protocol. Unfortunately, the user experience for these RPs is often confusing and includes options that are not supported by the browser.

This document describes a format for RPs to use to express their capabilities and requirements to browsers.

RP Metadata Reference

The RP embeds an element on its login page that contains an ordered sequence of references to metadata files, one for each of the RP's supported login protocols, in order of preference. This allows an enhanced browser to download metadata only for the protocols it supports. The login page also contains legacy login markup for unenhanced browsers. Additionally, an RP can include a privacy policy related to the identity information it receives.

   <RPLoginMetadata>
      <xrd:XRD xmlns:xrd="xri://$xrd*($v*2.0)" xmlns:simple="http://xrds-simple.net/core/1.0" version="2.0">
         <xrd:Type>xri://$xrds*simple</xrd:Type>
         <xrd:Service>
            <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rplogin</xrd:Type>
            <xrd:Subject>http://www.kantarainitiative.org/metadata/1.0/saml2</xrd:Subject>
            <xrd:URI simple:httpMethod="GET">http://rp.com/my_saml2_login_metadata.xml</xrd:URI>
         </xrd:Service>
         <xrd:Service>
            <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rplogin</xrd:Type>
            <xrd:Subject>http://www.kantarainitiative.org/metadata/1.0/imi</xrd:Subject>
            <xrd:URI simple:httpMethod="GET">http://rp.com/my_imi_login_metadata.xml</xrd:URI>
         </xrd:Service>
         <xrd:Service>
            <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rplogin</xrd:Type>
            <xrd:Subject>http://www.kantarainitiative.org/metadata/1.0/openid</xrd:Subject>
            <xrd:URI simple:httpMethod="GET">http://rp.com/my_openid_login_metadata.xml</xrd:URI>
         </xrd:Service>
         <xrd:Service>
            <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rpprivacypolicy</xrd:Type>
            <xrd:URI simple:httpMethod="GET">http://rp.com/my_privacy_metadata.xml</xrd:URI>
         </xrd:Service>
      </xrd:XRD>
   </RPLoginMetadata>
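
Added example, not part of the original document: a Python illustration of how an enhanced browser could walk the element above in document order and select the first login protocol it supports. The function name, the `rp.example` URLs and the policy of skipping references that are not https and same-origin with the login page are assumptions of this example, not requirements stated in this document.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

XRD = "{xri://$xrd*($v*2.0)}"
NS = "http://www.kantarainitiative.org/metadata/1.0/"
RPLOGIN = NS + "rplogin"

# Constructed sample modelled on the element above (hypothetical rp.example URLs).
SAMPLE = """<RPLoginMetadata>
 <xrd:XRD xmlns:xrd="xri://$xrd*($v*2.0)" xmlns:simple="http://xrds-simple.net/core/1.0" version="2.0">
  <xrd:Service>
   <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rplogin</xrd:Type>
   <xrd:Subject>http://www.kantarainitiative.org/metadata/1.0/saml2</xrd:Subject>
   <xrd:URI simple:httpMethod="GET">https://rp.example/saml2.xml</xrd:URI>
  </xrd:Service>
  <xrd:Service>
   <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rplogin</xrd:Type>
   <xrd:Subject>http://www.kantarainitiative.org/metadata/1.0/imi</xrd:Subject>
   <xrd:URI simple:httpMethod="GET">http://rp.example/imi.xml</xrd:URI>
  </xrd:Service>
  <xrd:Service>
   <xrd:Type>http://www.kantarainitiative.org/metadata/1.0/rplogin</xrd:Type>
   <xrd:Subject>http://www.kantarainitiative.org/metadata/1.0/openid</xrd:Subject>
   <xrd:URI simple:httpMethod="GET">https://rp.example/openid.xml</xrd:URI>
  </xrd:Service>
 </xrd:XRD>
</RPLoginMetadata>"""


def select_login_metadata(xml_text, page_url, supported):
    """Return (protocol, uri) for the RP's most-preferred supported protocol, or None."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTDs are not accepted in page-supplied metadata")
    root = ET.fromstring(xml_text)
    page = urlsplit(page_url)
    for svc in root.iter(XRD + "Service"):  # document order is the RP's preference order
        if svc.findtext(XRD + "Type", "").strip() != RPLOGIN:
            continue  # e.g. the rpprivacypolicy entry
        subject = svc.findtext(XRD + "Subject", "").strip()
        if subject not in supported:
            continue  # never download metadata for an unsupported protocol
        uri = svc.findtext(XRD + "URI", "").strip()
        u = urlsplit(uri)
        # Assumed policy (not from this document): only fetch metadata over
        # https and from the same origin as the login page that referenced it.
        if u.scheme != "https" or (u.scheme, u.netloc.lower()) != (page.scheme, page.netloc.lower()):
            continue
        return subject, uri
    return None
```

With the constructed sample, a browser that supports only IMI and OpenID skips the `http://` IMI reference and falls through to the OpenID entry.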

...