On Fri, 2013-04-26 at 13:57 -0500, Bruno Wolff III wrote:
If we used SAML, the IdP can provide group membership information which could be used by SPs for authz.
I didn't know what SAML was yesterday, so I checked out wiki which says:
""" The single most important problem that SAML addresses is the web browser single sign-on (SSO) problem. Single sign-on solutions are abundant at the intranet level (using cookies, for example) but extending these solutions beyond the intranet has been problematic and has led to the proliferation of non-interoperable proprietary technologies. (Another more recent approach to addressing the browser SSO problem is the OpenID protocol.) """
From this, it seems OpenID might be a better fit.
Pierre