...
Michael Gettes: When I talk to vendors I start with "Shibboleth" because many of their "SAML" implementations are incomplete and/or incorrect.
| Wiki Markup |
|---|
*SUMMARY FROM REPORT OUT TO THE LARGER GROUP* : Informed user consent about attribute release, i.e. what exactly is the user agreeing to when checking \[OK\] when logging in from their Google etc. account is something that needs more work... |
Naming: OpenID or OAuth is not something that most users will associate with their accounts...
There are a variety of implementations in the wild, and sharing experiences will be useful...
ACTIVITIES GOING FORWARD / NEXT STEPS
...