Should UCTrust provide a central discovery service?
Maybe multiple DS implementations for various entity categories?
See this discussion from shibboleth-users.
This was discussed again very briefly during some of the 2015 UCTrust calls. In the discussion, we asked whether there was a clear agreement on how a discovery service should function. Deploying a vanilla DS should not be difficult; questions may remain as to: (1) who will implement it and (2) what "additional features" a DS should have.
Potential features of a system-wide discovery service:
- Support for SAML 2 DS listing all UCTrust IdPs in the discovery interface.
- Support for SAML 1 DS?
- Support for custom per-IdP lists of IdPs?
- Support for per-entity category lists of IdPs?
- Support for branding of the DS?
If the goal is just 1 (or 1 and 2) then deployment and maintenance shouldn't be difficult. If 3-5 are required, then some additional design or prep work might be required.