Shibboleth Developers

["RL 'Bob' Morgan" <>]

On Thu, 24 Jan 2002, Scott Cantor wrote:

> The SHIRE "acceptance point" is a servlet for now because:
>
> A) It has to respond directly to an HTTP POST, the way any other CGI
> response would do, and Java + CGI = servlet.
> B) It has to verify an XML signature, practically mandating Java for at
> least that one piece.
> C) Launching a Java VM per handle acceptance is ugly though possibly
> doable.
>
> The rest of the SHIRE and the SHAR are going to be in an Apache module,
> in C/C++, the same as any other normal security related
> filter/processing agent would be.

OK, thanks.  So there *is* a Java -> non-Java communications barrier to be
overcome, but it happens to be within the SHIRE/SHAR rather than between
the SHAR and the RM/app.

> There is a problem to solve for the Java part of the SHIRE to pass state
> into the C++ part of the SHIRE/SHAR, but it's similar to the problems of
> building Apache modules that share state between forked children anyway,
> so it's mandatory to deal with eventually even if we could build the
> whole thing in C.
>
> All that said, if there's a shared memory toolkit out there that
> supports both C and Java, that would be cool to hear about, but I don't
> know of one.

Hmm, I'll see if Java-nauts here can provide any clue.

Seems to me that a JVM per incoming authn-assertion would be, ah,
sub-optimal.

 - RL "Bob"


------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--