Determine how sites control cookie frame policy at the idp
We have observed the frame-ansestor cookie attribute affects the operation of xdmod iframe elements in the OOD main page. We've heard that folks adjust their cookie settings at the idp to help support this. Given that control over the idp is not common in a federated identity environment, it would be interesting to learn how these sites manage their accounts.
For example, do they just maintain local accounts and simply use the mechanisms of federation to share user identity across service provider boundaries. Or, do they operate an idp that itself gets identities from external partners (eg. upstream idps) and then re-issues those as local identities to it's own SPs in a "private" federation?
Let's find out what sites do that have operational xdmod+ood integrations that rely on the iframe model.