That is more or less my default position.There may be times when it is more efficient for administrative reasons to proxy a group of RP via a gateway.In general gateways create more privacy issues than they solve.It is probably worth discussing at IIW. I expect NIST will be raising the issue in the iGov WG as well.John B.On Oct 24, 2015, at 12:24 PM, Justin Richer <jricher@mit.edu> wrote:My view on this remains “to increase privacy get rid of brokers”. A full mesh SAML or PKI federation is untenable, so that’s why we’ve deployed brokers in the past. But OIDC, with dynamic client registration and server discovery, is built for this. I believe wee need to move towards this model._______________________________________________Is anyone interested in writing up a response to that effect with me? Perhaps we could run a session on it at IIW this week for those of us that will be there (including myself).— JustinOn Oct 23, 2015, at 8:29 AM, Andrew Hughes <andrewhughes3000@gmail.com> wrote:_______________________________________________Hi UMAnitarians - not sure if you've seen this notice yetI'm vice-chair of IAWG & we are probably going to assemble comments on this."Privacy-Enhanced Identity Brokers"Comments to inform a new collaborative project & eventual 1800 series Practice Guide at the NIST NCCoEDue 18 Decemberhttp://www.nist.gov/itl/acd/ncce/20151022privacy.cfmAndrew Hughes CISM CISSP
Independent Consultant
In Turn Information Management Consultingo +1 650.209.7542
m +1 250.888.9474
1249 Palmer Road,
Victoria, BC V8P 2H8
AndrewHughes3000@gmail.com
ca.linkedin.com/pub/andrew-hughes/a/58/682/
Identity Management | IT Governance | Information Security
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma
_______________________________________________
WG-UMA mailing list
WG-UMA@kantarainitiative.org
http://kantarainitiative.org/mailman/listinfo/wg-uma