OpenSAML user discussion

[Bradley Beddoes <>]

Hi Chad.
Thanks for the extra information.

Overall what you have mentioned is what we are looking for as far as 
support goes right now, obviously it would be nice to see these other 
features at some stage in the future but we were already prepared to 
implement the bindings we are looking at (HTTP Post and SAML Soap), it 
is a fairly application specific task in a number of ways anyway.

As for profile support once again we were prepared to create this code 
and a looking towards Web Browser SSO profile at this point in time, the 
 code will also need to use the LDAP Attribute Profile. We may choose 
to have a look at the Single logout profile if time permits. Certainly 
not looking at any of the other profiles at this point in time, though 
the XACML profile is of interest to me longer term.

Overall if the library is able to handle the various XML formats defined 
in the specification for metadata, core assertions and requests for 
AuthN/Attributes and undertake the various cryptographic checks and 
assurances I think we are in pretty good shape.

I'd be interested in talking with you further about adding the extra 
functionality, give me a few weeks get things turning here and I will 
get back to you.

regards,
Bradley

Chad la Joie wrote:
> Just to add a bit more to what Scott said.
>
> If you're looking for a base library to parse SAML messages the current 
> code bases are pretty stable.  We have a couple API tweaks (class name 
> alignments) that we'll be doing this week, but after that we aren't 
> aware of any others we'll need to make.  So the library would include 
> building/marshalling/unmarshalling support, digital signature support, 
> and a couple of trust engines driven by SAML 2 metadata.
>
> If you're looking for transpot/binding/profile support that won't be 
> there.  Personally, if you are looking for that, I'd like to hear what 
> you need.  I've been having a hard time coming up with an architecture, 
> that I like, for that functionality.
>
> Bradley Beddoes wrote:
> > Hi,
> > I am currently in the process of finalizing the design of a project in 
> > the AAA space and was wanting to get some guidance please on the 
> > stability of the opensaml 2 code.
> >
> > Essentially there are several pieces of the 2.0 spec that would be 
> > very useful in the design of this project as it currently stands but I 
> > note that the code repository clearly states that it should not be 
> > used in production systems.
> >
> > Timelines for starting work on this project in a technical sense are 
> > within the next month to two months with completion by early 2007.
> >
> > Could you please advise if the code (both Java and C++) is stable 
> > enough for usage now or if not how stability plans may fit in with my 
> > timelines. Should it prove to not be a happy fit we will have to look 
> > at using the 1.1 compliant opensaml code.
> >
> > thanks,
> > Bradley
> >
> > Bradley Beddoes | Senior Programmer | Network Applications
> > Queensland University of Technology
> >
> > Ph +61 7 3864 1702 | Fax +61 7 3864 2921
> >
> > email 
> >
> > CRICOS No 00213J