shibboleth-dev - RE: the first external pilot site.....
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: the first external pilot site.....
- Date: Fri, 5 Apr 2002 18:09:27 -0500
- Importance: Normal
- Organization: The Ohio State University
> I'd *really* like a Shibbolized WebAssign to be working before
> semester end, so that some students could use it. I'd also *really
> really* like this to be available for demo at the I2 spring meeting
> (may 6-8).
>
> On monday's call, I'd like to talk about what we have to do to move
> on this stage.....
I won't demand it, but I would like to at least consider slipping in the
newer runtime code on the Java side so that we can sign the
authentication assertions before we use this in a real context even for
testing.
The APIs that the HS and SHIRE use to generate the XML are (I think I
can safely say) very encapsulated and pretty simple to use, so if they
need to change a bit, that isn't a drastic change to the code. That
really isn't where we've hit rough spots with our integration testing,
it's been mostly logistical stuff.
In that vein, all the HS needs is a Java keystore with an RSA key and a
certificate signed by somebody we can live with (CREN maybe?) and then
the SHIRE just needs to check for a CA-signed cert in the assertion. I
don't even care so much if we do any checking of the HS name and origin
site at this point, as long as we at least sign the thing. For one
thing, I think it will yield more useful performance data.
-- Scott
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- the first external pilot site....., Steven_Carmody, 04/05/2002
- RE: the first external pilot site....., Scott Cantor, 04/05/2002
Archive powered by MHonArc 2.6.16.