Alternative IdP Working Group

[Janemarie Duh <>]

Hello,

Regarding the two CAS strategies that we have on the grid, local CAS
with an outsourced IdP and a CAS Gateway, what is the difference between
the two rows? The only difference appears to be the protocol that is
used between CAS and the Shibboleth/vendor IdP. Whether the solution is
a Gateway or an IdP, they both are outsourced. What would be different
in the CAS Gateway model? Is the protocol specifically of interest?

Does it make sense to keep one or both of these on the grid? Are they a
current possibility as opposed to something that has the potential to be
used in the future? If these are future solutions, I think they should
be dropped from the grid.

I would still need to find volunteers for these. Bill T. said he did not
know of any specific deployments where the IdP was operated by a third
party. That means pinging Andrew Petro to see if he can contribute.



Also, during our call on 9/17, we'll spend time summarizing and
discussing the completed strategies. So far, they are:

Cirrus Bridge (Cloud-hosted SAML IdP)
Outsourced Shibboleth IdP
SimpleSAML.php


Not yet completed are:

ADFS IdP
Google Apps Gateway
Hub and Spoke


If anyone has any questions or concerns, please don't hesitate to let me
know. Thanks!


                    Janemarie



-- 
Janemarie Duh
Identity Management Systems Architect
Information Technology Services
Lafayette College