
mace-opensaml-users - Re[2]: [OT]SAML & Liberty : major diffs

Subject: OpenSAML user discussion

  • From: jerome moliere <>
  • To: Scott Cantor <>
  • Cc:
  • Subject: Re[2]: [OT]SAML & Liberty : major diffs
  • Date: Wed, 23 Jun 2004 18:30:13 +0200

Hello Scott,

Wednesday, June 23, 2004, 6:15:13 PM, you wrote:

>> I concluded that the best basis for a toolkit in Java was
>> OpenSAML, but my customers need Liberty alliance features so
>> I must have some clues for the delta between SAML
>> specifications & Liberty features in order to be
>> able to make a planning for coding these features using
>> opensaml as a low layer.

SC> Hmm, it's not a small delta, and frankly, the value add you really get from
SC> building a Liberty implementation on top of this code is arguably pretty
SC> small. You could save time and steal a lot of the signing code, but probably
SC> little else.

oops bad news...

SC> Liberty today purports to "extend" SAML 1.1, but that's a fiction. It's a
SC> do-over that doesn't extend so much as "inspire itself" from the original
SC> SAML draft specs and uses a few SAML objects here and there. The schema
SC> extensions in particular get pretty invasive, and it's far from clear to me
SC> that you could implement ID-FF by extending my classes without a lot of
SC> work.

SC> Also, the really interesting bits (PKI for example) are all in the
SC> Shibboleth layer we built on top of the SAML code.

yes I had a look at your project but was afraid of the complexity...
too many packages...
I guess that these packagings come from usage from native code due to
Kerberos & other stuff?

SC> I'm not trying to discourage you, just want you to know what you're looking
SC> at.

thanks for all your precious warnings...

>> I'm very confused by some slides fetched on sourceid website where
>> liberty is shown as a layer above saml but where some saml
>> features are not present in the liberty protocol

SC> I wouldn't characterize ID-FF as a layer on SAML, more like a big ball that
SC> has a bit of SAML inside it.

yes it was my first idea after seeing specs....
it sounds better to me than a brick built on top of SAML...

SC> The good news is that SAML 2.0 is a merge of SAML and ID-FF into one unified
SC> spec that I think is pretty well designed (my bias showing since I helped
SC> design it). The bad news is the spec is only just now nearing final drafts
SC> and it will be a while before we get it implemented. Depending on your time
SC> frame though, I would be thinking hard about it.

I guess that you know how projects are, Scott, so time frame is very short
and decisions must be taken in the next days :)

thanks for your complete & wise answer
cheers

--
Best regards,
jerome
Author of Cahier du programmeur Java tome 2 - Eyrolles 10/2003
http://www.eyrolles.com/php.informatique/Ouvrages/ouvrage.php3?ouv_ean13=9782212111941




