Skip to Content.
Sympa Menu

mace-opensaml-users - Re: 2.0 Status Update & Request for Feedback

Subject: OpenSAML user discussion

List archive

Re: 2.0 Status Update & Request for Feedback


Chronological Thread 
  • From: Tim Freeman <>
  • To: "Tom Scavo" <>
  • Cc: ,
  • Subject: Re: 2.0 Status Update & Request for Feedback
  • Date: Sun, 5 Mar 2006 19:12:26 -0600

On Sun, 5 Mar 2006 19:03:28 -0500
"Tom Scavo"
<>
wrote:

> On 3/2/06, Tom Scavo
> <>
> wrote:
> >
> > (Globus Toolkit is using OpenSAML in other ways, so I'll let someone
> > closer to Globus respond.)
>
> Well, nobody from Globus followed up, so I'll take a stab at it.

Sorry Tom I was going to wait until the new gridshib CVS was up so I could
point
to the common/saml directory (it's not there yet).

> As
> far as I know, Globus Toolkit's primary use of OpenSAML 1.1 involves
> the AuthorizationDecisionStatement in conjunction with an access
> control technology called Community Authorization Service (CAS).

This document "Use of SAML for OGSA Authorization" outlines the details:
http://www.globus.org/toolkit/security/ogsa/authz/OGSA-SAML-authorization-profile-june4.pdf

Also, I wanted to mention the GridShib for GT module now supports SAML2
metadata
consumption. To accomplish this we transplanted the Shibboleth 1.3c metadata
packages into the OpenSAML 1.1 Java codebase and repackaged this under a
globus-opensaml-1.1.jar. There is no pointer to this yet as I'm waiting on an
ACL change to get our new CVS directory up:
:pserver::/home/globdev/CVS/globus-packages/gridshib

I think Tom's already stated previously that we would be interested in
evaluating OpenSAML 2.0's metadata support.

Thanks,
Tim


> So
> I assume Globus would like support for AuthorizationDecisionStatement
> (SAML 1.1) and AuthzDecisionStatement (SAML 2.0) in OpenSAML 2.0. I'm
> just guessing, but it seems likely that CAS will not be ported to SAML
> 2.0, so of the two, the AuthorizationDecisionStatement would be most
> important.
>
> That's all I can think of right now.
>
> Thanks,
> Tom
>






Archive powered by MHonArc 2.6.16.

Top of Page