Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

Abstract

This document is a product of the Universal Login Experience Work Group. It records the requirements for the user experience based on scenarios and use cases.

Status

This document is currently under active development. Its latest version can always be found here. See the Change History at the end of this document for its revision number.

Editors
  • TBD
Intellectual Property Notice

The Universal Login Experience Work Group operates under Option Liberty and the publication of this document is governed by the policies outlined in this option.

Overview

This is a summary of the collective set of information supplied by all of the actors (IdP, RP, User Agent) in constructing a suitable pop-up experience for discovery.

Relying Party Inputs

  • Required/Optional Claims
    • Required and optional identifier/attribute information needed to proceed with login and "immediately expected" user activity.
  • Assurance Characteristics
    • Capturing properties of RP's security/identity requirements that might impact IdP selection.
  • Trusted Issuers
    • Names of acceptable IdPs and local sources of authentication
  • Preferred Issuers
    • Opportunity to bias or pre-populate choices based on expected user population using particular choices
  • UI Information
    • Properties to influence UI (colors, fonts, ...)

Comments:

  1. PAUL: I'd like to see an "attributes first" approach supported (details)

Identity Provider Inputs

  • Supported Claims
    • Identifier/attribute information offered
  • Assurance Characteristics
    • Capturing properties of IdP's security/identity requirements that might impact RP acceptance.
  • Logo/Name/Description
    • Information needed to drive presentation of IdP as a choice.
  • Presentation Requirements
    • Can login be accomplished within a pop-up or is a full frame required?
  • Registration/Credentialing Bootstrap
    • Link to location(s) to help users acquire the necessary credential (e.g. an Infocard)

Supported claims

IDP's supported attributes and claims

SAML

Already defined in SAML Metadata specifications

Example :

 <IDPSSODescriptor WantAuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
   ...
   <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:saml_attribute_name_1" />
   <saml:Attribute
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="urn:saml_attribute_name_2" />
   ...
 </IDPSSODescriptor>
OpenID
  • The Yadis XRDS document only advertizes the SREG/AX service(s) supported by the OP but not the exact list of supported attributes/claims.
  • Proposal : Extension to the YADIS XRDS document.
    Explicitly advertize OP's supported attributes/claims part of XRDS document published by the OP ?
    _Help needed on best way to do it with XRDS
  • No labels