
mace-opensaml-users - RE: 2.0 Status Update & Request for Feedback

Subject: OpenSAML user discussion

  • From: "Scott Cantor" <>
  • To: "'Tom Scavo'" <>
  • Cc: <>
  • Subject: RE: 2.0 Status Update & Request for Feedback
  • Date: Thu, 2 Mar 2006 21:34:38 -0500
  • Organization: The Ohio State University

> Hmm, let me see if I understand what you're saying. Since both
> Browser/POST and Browser/Artifact can use attribute push, attribute
> queries (pull) are unnecessary. Is that what you mean?

Yes. It creates problems and solves none that I know of, with the exception
of the fact that queries are easier to configure in a cluster than an
artifact callback is, so if encryption was too expensive, you get more
complexity in the callback unless you stuck with POST + query. I'm hoping
encryption is cheap enough to use. Doubling the cost of a signature may not
be fatal.

> > Beyond that, I really don't know what it means to "support" it other
> > than exposing the components that make up a SAML query runtime,
> > which the code does now, at least in C++.
>
> Are you talking about OpenSAML or the Shib SP?

Both. You can't have a complete viable stack in OpenSAML alone. Too much is
out of scope, such as configuration and PKI code, to name two obvious
examples.

But I wrote a workable service that used the old SP library + OpenSAML to do
an attribute query I needed for something, and it was straightforward. It
would be easier now than it was then, and should be easier in the future in
2.0. But it's not all there without providing the necessary context for why
the query is happening.

-- Scott



