On 20-Feb-06, at 5:42 PM, Nick Ragouzis wrote:
PG2. Existing protocol SAMLv2 is heavy; we want light.
Well 'heavy' and 'light' aren't very rigorous... but I'd say this goes back to the adoption goal: 'How do we get an internet wide identity protocol into everyone's hands as quickly as possible?' As a slight aside, in your 'Setting aside irrelevant or incomplete histories' post you had lots of nice data points about SAML deployments. Enlightened me actually. SAML's clearly offering people enough value that people are building businesses around it and it's being deployed by big corporations. But... in all my years of Internet surfing I've never come across a website that said 'Take me to your IdP...', or 'Can I be your Idp...' Never. Am I just cruising the web with my blinkers on? There's something about SAML that's meant that developers of the websites that I frequent haven't chosen to deploy it. Why is that? That's kinda rhetorical, but I don't want to rant about why SAML doesn't work for me as a User, Membersite or Homesite developer, I'd rather one of them stood up and said it. I think we need to drill into the reasons for PG2. John _______________________________________________ dix mailing list [email protected] https://www1.ietf.org/mailman/listinfo/dix
