- Identity is in URL format (guess email is not enough?)
- Easy for developers
Browser-based Authentication:
- The service provider (SP) contacts the IDP URL to get the capability and, based on the authentication protocol chosen, starts the authentication. Now, a few things here. First of all, this means that the SP needs to understand all the authentication protocols, i.e. be it LID, OpenID or something else. Does not make a lot of sense, but fine, let's continue.
- The SP uses the "protocol supported way" to redirect the user to the IP, which authenticates the user.
- Profile exchange: Well, if you need to get specific data about the user, you need to ask the Identity URL, like IDURL?xpath=<field that is needed>&lid=<SP's Identity>
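
The profile-exchange request above, as an added example that is not part of the original notes: it shows why the xpath and lid values must be percent-encoded when the SP builds the request. Only the parameter names `xpath` and `lid` come from the notes; the function names, the sample URLs and the http(s)-only restriction are assumptions.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Parameter names come from the notes above; everything else is an assumption.
RESERVED = {"xpath", "lid"}

def build_profile_request(identity_url, xpath, sp_identity):
    """Return identity_url with xpath/lid query parameters safely appended."""
    parts = urlsplit(identity_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError("identity URL must be an absolute http(s) URL")
    if not xpath or not sp_identity:
        raise ValueError("xpath and SP identity are both required")
    # Keep the identity URL's own query, but drop any xpath/lid already
    # present so a user-supplied identity URL cannot pre-seed those fields.
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k not in RESERVED]
    query = urlencode(kept + [("xpath", xpath), ("lid", sp_identity)])
    # The fragment is dropped: it is never sent to the server anyway.
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", query, ""))

def parse_profile_request(url):
    """What the server behind the identity URL decodes from the query string."""
    return dict(parse_qsl(urlsplit(url).query))

# Constructed sample values (not from the original page).
IDENTITY_URL = "https://alice.example.org/?lid=https://other.example/"
XPATH = "/VCARD/EMAIL[@type='work']"
SP_IDENTITY = "https://sp.example.com/id?realm=shop&v=1"

if __name__ == "__main__":
    # Plain string concatenation, as the URL pattern is written in the notes.
    naive = "https://alice.example.org/?xpath=" + XPATH + "&lid=" + SP_IDENTITY
    print("naive:", parse_profile_request(naive))   # lid is cut off at '&'
    print("safe :", parse_profile_request(
        build_profile_request(IDENTITY_URL, XPATH, SP_IDENTITY)))
```
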