Shibboleth Developers

[Scott Cantor <>]

> My personal opinion is that CORBA is RPC on sterroids.  I've 
> looked at CORBA, and honestly, IMHO, that's what it is.  It 
> does give you an object-based model, but the IDL is almost 
> exactly like what you'd feed to rpcgen, except it has a few 
> additional constructs that don't exist in ONC-RPC.

I'm inclined to agree with you, though my experience is more with ORPC
than CORBA, and DCE more than either.

One question re: ONC, does it support aliased pointers these days? I
built (and still use) a really nice tree-based abstraction on top of DCE
that allows something close to the CORBA "any" model where the data in
and out is dynamic.  It more or less fixes the static interface problem
that makes RPC so brittle and turns it into a run-time contract, which
is kind of useful.

The IDL is just a tree structure with linked lists, so it needs
alias-aware marshalling. I was under the perhaps mistaken idea that ONC
didn't support that at one point.

> URL?  I'll go look at it.  This part is easily the least 
> concrete of my whole proposal.

Sorry, it's an OASIS spec-in-progress:
http://www.oasis-open.org/committees/xacml/

Basically it's a model for expressing access control policy expressions
in terms of SAML attributes.

>  3) I think an arbitraily complex XML file will be more challenging
>     for a user to configure by hand than an arbitrarily complex Scheme
>     file.  Then again I come from MIT so I may be mistaken, but I
>     can't envision any XML file ever being as simple as the example
>     above.

XML is certainly more verbose. Whether that helps or hurts probably
depends on the user. As with most uses of XML, that value comes less
from what XML buys you and more from the fact that your neighbor
probably used XML and your customer expected you to. It really is
nothing more than being in the herd, but it's a big herd.

I'm not sure why the XML would be arbitrarily complex and the Scheme
wouldn't, though. Whatever data abstractions you build can probably be
expressed in either one, though it's been too long since I used LISP and
I never used Scheme, so I wouldn't want to swear to that. It seems to me
that if you textually represent the Scheme structure, I can morph it
into XML pretty deterministically. It's just a lexical representation
anyway.

What might be kind of cool is to think about building an XACML engine in
Scheme.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--