Skip to Content.
Sympa Menu

mace-opensaml-users - Re: Stability of source tree

Subject: OpenSAML user discussion

List archive

Re: Stability of source tree


Chronological Thread 
  • From: Bradley Beddoes <>
  • To: Chad la Joie <>
  • Cc:
  • Subject: Re: Stability of source tree
  • Date: Mon, 28 Aug 2006 23:01:28 +1000

Hi Chad.
Thanks for the extra information.

Overall what you have mentioned is what we are looking for as far as support goes right now, obviously it would be nice to see these other features at some stage in the future but we were already prepared to implement the bindings we are looking at (HTTP Post and SAML Soap), it is a fairly application specific task in a number of ways anyway.

As for profile support once again we were prepared to create this code and a looking towards Web Browser SSO profile at this point in time, the code will also need to use the LDAP Attribute Profile. We may choose to have a look at the Single logout profile if time permits. Certainly not looking at any of the other profiles at this point in time, though the XACML profile is of interest to me longer term.

Overall if the library is able to handle the various XML formats defined in the specification for metadata, core assertions and requests for AuthN/Attributes and undertake the various cryptographic checks and assurances I think we are in pretty good shape.

I'd be interested in talking with you further about adding the extra functionality, give me a few weeks get things turning here and I will get back to you.

regards,
Bradley

Chad la Joie wrote:
Just to add a bit more to what Scott said.

If you're looking for a base library to parse SAML messages the current code bases are pretty stable. We have a couple API tweaks (class name alignments) that we'll be doing this week, but after that we aren't aware of any others we'll need to make. So the library would include building/marshalling/unmarshalling support, digital signature support, and a couple of trust engines driven by SAML 2 metadata.

If you're looking for transpot/binding/profile support that won't be there. Personally, if you are looking for that, I'd like to hear what you need. I've been having a hard time coming up with an architecture, that I like, for that functionality.

Bradley Beddoes wrote:
Hi,
I am currently in the process of finalizing the design of a project in the AAA space and was wanting to get some guidance please on the stability of the opensaml 2 code.

Essentially there are several pieces of the 2.0 spec that would be very useful in the design of this project as it currently stands but I note that the code repository clearly states that it should not be used in production systems.

Timelines for starting work on this project in a technical sense are within the next month to two months with completion by early 2007.

Could you please advise if the code (both Java and C++) is stable enough for usage now or if not how stability plans may fit in with my timelines. Should it prove to not be a happy fit we will have to look at using the 1.1 compliant opensaml code.

thanks,
Bradley

Bradley Beddoes | Senior Programmer | Network Applications
Queensland University of Technology

Ph +61 7 3864 1702 | Fax +61 7 3864 2921

email

CRICOS No 00213J




Archive powered by MHonArc 2.6.16.

Top of Page