Shibboleth Developers

["Scott Cantor" <>]

Parviz,

Per the Monday call, I dug back into the arch doc, and found section
5.6.5, an AA subsection. What it basically says is that if the AA
doesn't know any different, it has to assume that the hostname of the
target is equal to the name of the SHAR that would request attributes
with that target in the Resource field.

In other words, if the SHAR abuses its role by saying the target is
something it doesn't have anything to do with (or at least the AA thinks
it doesn't), you can do one of two things:

a) fail the query returning some code that we can define
b) apply whatever default ARP is set for that SHAR (presumably a basic
ARP that doesn't specify a target at all)

Because the ARPs are very much by SHAR (and not by target alone), option
b isn't a security problem. If you have a default ARP that's very
liberal for a SHAR, you're trusting that SHAR already in some sense.
Most defaults will be more conservative.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--