On Fri, 2013-04-26 at 13:57 -0500, Bruno Wolff III wrote:
If we used SAML, the IdP can provide group membership information
which could be used by SPs for authz.
I didn't know what SAML was yesterday, so I checked out wiki which says:
The single most important problem that SAML addresses is the web browser
single sign-on (SSO) problem. Single sign-on solutions are abundant at
the intranet level (using cookies, for example) but extending these
solutions beyond the intranet has been problematic and has led to the
proliferation of non-interoperable proprietary technologies. (Another
more recent approach to addressing the browser SSO problem is the OpenID
From this, it seems OpenID might be a better fit.