OpenSAML user discussion

[Chad La Joie <>]

I'm not out to get sys admins but when you run in to problems like this
my experience has shown it is *always* due to a more systemic problem.
In cases of web apps my experience has been that the main issue are
those individuals who don't want, or think they shouldn't have, to learn
anything about the container.  These containers are non-trivial pieces
of code.  Most containers end up being multiple times the size of the
applications you're trying to run.  Thus, ignoring it means you're
ignoring the *majority* of the application you're try to run.

This then leads to people trying to hack around the container.  For
example by setting up reverse proxies, configuring load balancers in odd
ways, and trying to do tricky things with DNS.  In the end you have
systems that are fragile and difficult to maintain.  I'm not claiming
that the OpenSAML library is great, it's not, but I do think that good
software will make doing the wrong thing a bit painful so as to bring to
light the issue.

Just my Sunday evening philosophizing.

Scott Cantor wrote:
>> That assumption does not hold in all environments (imho). As we want
>> our application to run in as many environments (good and badly
>> designed ones) without fighting our way through the network and system
>> operations departements, we need to be able to configure parameters
>> like SAML target from within the application. I believe this to be
>> genuine use case.
> 
> I can't speak for Chad, but supporting badly designed environments and
> coddling sysadmins is not only a non-goal, but an anti-goal. If I make life
> hard for a lazy sysadmin, I count it a good day.
> 
> -- Scott
> 
> 

-- 
SWITCH
Serving Swiss Universities
--------------------------
Chad La Joie, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
phone +41 44 268 15 75, fax +41 44 268 15 68
,
 http://www.switch.ch