shibboleth-dev - Preliminary outline of XML runtime
Subject: Shibboleth Developers
- From: "Scott Cantor" <>
- To: <>
- Subject: Preliminary outline of XML runtime
- Date: Mon, 5 Nov 2001 13:32:09 -0500
- Importance: Normal
I've attached a web page that describes my breakdown of the XML runtime layer
along with some technical considerations, and an
input/output/state breakdown that will hopefully drive the API design.
From my perspective, the only part that will take some real discussion is
the AA side of things, because the division between the
message-transport and message-handling layer is less obvious, and because we
have to get the attributes into XML in a clean way.
This outline presumes no signing of the back-end pieces (except from SSL), by
the way.
-- Scott
Title: Shibboleth XML Runtime Components

1. Handle Presentation Production
Used By: Handle Service
Technology: Java class layered on Xerces-J, XML Security, SAML Assertion Builder?
Internal State:
- Issuing organization domain name
- Policy URI(s) for assertion conditions
- Signing key and certificate
- Digest and signing algorithm specifiers
Input:
- SHIRE acceptance URL
- Handle issued by HS
Output:
- Signed XML instance containing certificate

2. Handle Presentation Consumption
Used By: SHIRE POST acceptance handler
Technology: Java class layered on Xerces-J, XML Security, SAML Assertion Checker?
Internal State:
- Replay cache of assertion ID
- Policy URI(s) to check assertion conditions
- SHIRE URI to check assertion condition
- Flag controlling IP address checking
- Mapping file of HS names to organization domain names
- Signature/certificate validation processing rules
Input:
- Signed XML instance containing certificate
Output:
- Result of validation
- User query handle
- Time and method of authentication
- Client IP address
- AA location information
- Issuing organization domain name

3. Attribute Requester/Unmarshaler
Used By: SHAR
Technology: C++ class layered on Xerces-C++, SAML Request Builder and Response Checker?, SAML SOAP/HTTPS?, OpenSSL
Internal State:
- Policy URI(s) to check assertion conditions
- AA certificate validation processing rules
Input:
- User query handle
- URL of target resource
- AA location information
Output:
- Status of attribute request
- XML-encoded attributes or complete XML assertion

4. Attribute Request Parser
Used By: AA
Technology: Java class layered on Xerces-J, SAML Request Checker?
Internal State:
- SHAR certificate validation processing rules
Input:
- XML SAML Request (possibly inside a SOAP envelope or body?)
Output:
- SAML RequestID
- User query handle
- SHAR name
- URL of target resource

5. Attribute Marshaler
Used By: AA
Technology: Java class layered on Xerces-J, SAML Assertion/Response Builder
Internal State:
- Policy URI(s) for assertion conditions
Input:
- User query handle
- SAML RequestID
- Validity times
- XML encoded attributes
- Status information
Output:
- XML SAML Response (possibly inside a SOAP envelope or body?)