Hey all, I'd like to propose a spec proposal freeze exception for IDP Specific WebSSO [0]. This topic has been discussed, in length, on the mailing list [1], where this spec has been referenced as a possible solution [2]. This would allow for multiple Identity Providers to use the same protocol. As described on the mailing list, this proposal would help with the public cloud cases for federated authentication workflows, where Identity Providers can't be directly exposed to users. The flow would look similar to what we already do for federated authentication [3], but it includes adding a call in step 3. Most of the code for step 3 already exists in Keystone, it would more or less be adding it to the path. Thanks! [0] https://review.openstack.org/#/c/199339/2 [1] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071131.html [2] http://lists.openstack.org/pipermail/openstack-dev/2015-August/071571.html [3] http://goo.gl/lLbvE1 -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.openstack.org/pipermail/openstack-dev/attachments/20150812/d897a293/attachment.html>