Shibboleth Developers

["Scott Cantor" <>]

Hi,

I was able to make significant progress over the holiday and I have what
amounts to CMU's "phase two" of the HS and SHIRE API coded and working.

This entails:
- Generating authentication assertions based on input from the HS
- Validating the assertions according to SAML rules and returning the
contents to the SHIRE using the property get methods.

What's not done:
- Replay cache of assertions
- Signing and access to PKI information in assertion
- Some parser optimizations

A lot of the SAML identifiers are invented and I'm using a modified
schema, but the changes will be simple once the final documents are
ready. The good news is I found a way to embed the schemas inside the
jar file, so there won't be much ambiguity about what a given version of
the API expects.

I've updated my javadocs to reflect some small changes, mostly
simplifications for the SHIRE, and I've uploaded and self-tested the
code on nada.

Right now ~scantor/java/lib contains xerces.jar and shibboleth.jar (I'll
add the security libraries later, for now this is all that's needed).
It's fairly crucial that xerces.jar get on the classpath ahead of the
XML parser that comes with Tomcat, which is out of date. I don't know
all the implications there.

I don't grok servlet deployment yet, but I know where Sridhar's code is,
so I'm going to tweak it based on the API's final form and then
hopefully we can start integrating while I move on to the AA?

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--