REFEDS Entity Category: Hide From Discovery v1
The Hide from Discovery Entity Category can be found on the REFEDS website and text from the website should be used as the authoritative source: https://refeds.org/category/hide-from-discovery
History:
v0.1 Initial Draft for comment and consultation.
v0.2 With changes as approved by the REFEDS SC.
v1. Published.
1 Comment
Peter Schober
Maybe amend section 6 ("Security Considerations") with something like this:
Also, hiding an IdP from discovery interfaces is no replacement for proper access control at the SP as there may be other ways for an IdP to establish a session at the SP (such as IdP-initated flows or using Request Initiation Protocol endpoints from SAML metadata).