The Identity Provider Selection WG
How to handle the evolution from 3 to 4 authentication actors

The Traditional Authentication Triptych
[Diagram: Identity Provider, Relying Party]
• A strong relationship exists between one RP and one IdP
• The RP addresses one IdP
• The user has few IdPs

The Current Authentication Triptych: the trends
[Diagram: Identity Providers, Relying Party]
• But the RP sees more and more Identity Providers to address…
• And has to manage an increasing diversity of IdPs and their respective protocols…
The selection of the IdP for a user becomes crucial

The Next Authentication Quartet
[Diagram: Relying Party, Identity Provider, ISA*]
• RPs want to address many IdPs to increase their audience
• The ISA is able to reconcile the 3 actors and their respective expectations
* ISA: Identity Provider Selection Agent

The IdP Selection Working Group Aims at Defining:
• The possibility for the RP to delegate the selection of the user's IdP to an ISA and to express some criteria to be considered in that selection process.
• Discovery of the user's preferred IdP(s) by the ISA.
• The possibility for the ISA to obtain the capabilities of the user's IdP(s) as well as other data (metadata).
• GUI and UX guidelines for SP and ISA.