Skip to Content.
Sympa Menu

mace-opensaml-users - Re: 2.0 Status Update & Request for Feedback

Subject: OpenSAML user discussion

List archive

Re: 2.0 Status Update & Request for Feedback


Chronological Thread 
  • From: "Tom Scavo" <>
  • To: "Chad La Joie" <>
  • Cc:
  • Subject: Re: 2.0 Status Update & Request for Feedback
  • Date: Thu, 2 Mar 2006 16:06:55 -0500
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=nC8TT1fx2Ftqhgvr3FtPOAup3iU1Aq4D6MvPWk5spKxZVvYV8R5rV5h84Fkyj7RvOLuO6IY+8DbCQCxtwGWDaRrP/SS3TaXEyrDA6bcDBRXOEaSa8rB2R2nD+wMzwOZ0hHlGo4osBllCKFCZlFxhc5cfXw1mx+nJX3kISSNU2Pc=

On 3/2/06, Chad La Joie
<>
wrote:
>
> What features do you currently use (in the existing code) and what would
> you like to see added?

Currently in our project (GridShib), we use OpenSAML 1.1 (directly) in
at least the following two ways:

1) Shib IdP Tester (relies on SAMLSOAPBinding)

package org.globus.gridshib.idptest;

import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeQuery;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLBinding;
import org.opensaml.SAMLBindingFactory;
import org.opensaml.SAMLConfig;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLRequest;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSOAPBinding;
import org.opensaml.SAMLStatement;
import org.opensaml.SAMLSubject;
import org.opensaml.SAMLSubjectStatement;

2) Three SAMLNameIdentifier format handlers (rely on the handler mechanism)

package org.opensaml.nameid;

import org.opensaml.MalformedException;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.XML;

(Globus Toolkit is using OpenSAML in other ways, so I'll let someone
closer to Globus respond.)

> What things can you just not do in the existing
> code and would thus like to see in the new code.

Well, the most significant missing feature in OpenSAML 1.1 is metadata
support (but you already know that :).

Also, it would be nice if you could layer extensions on top of
OpenSAML similar to the extension mechanism in Shib 1.3.

> And yes, as you pointed out, there are a significantly larger set of
> bindings and profiles in the SAML 2 spec. I feel pretty safe in saying
> that OpenSAML 2.0 will not have codified support for all of those but
> that as the need arises and time allows we'll try to add support for
> additional ones.

Right off the top of my head, the most important profile is the
Assertion Query/Request Profile. Attribute queries are at the heart
of what we do.

Thanks,
Tom



Archive powered by MHonArc 2.6.16.

Top of Page