shibboleth-dev - Re: Trust metadata for discussion
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: Re: Trust metadata for discussion
- Date: Wed, 14 May 2003 10:55:05 -0400
At 1:08 AM -0400 5/14/03, Scott Cantor wrote:
Chatted with Walter briefly on this, thought I'd distribute a little wider now that it's crystallized a bit. I've worked on some
extensions to the metadata schema to drive the trust evaluation at the SHIRE, which is the only spot that's completely under our
control (the rest is SSL stuff and currently handled somewhat under the covers).
This looks very interesting... tho its going to take a few tries to full understand it... let me start with low level questions, trying to better understand the model.....
For example I can configure my OSU target thusly:
Now I can trust both external and internal sites, but use a different CA for each set. I'll have to configure my SHAR with both CAs,
but the AA trust still flows somewhat from the original SHIRE step, so if I trust that part, I can trust the AA name/location to be
ok for now.
how would we deal with the situation where osu.edu has to be in both groups/federations? (ie you'd like "regular" osu folks to be able to access your local targets?)
I suppose you could operate a second AA, making assertions on behalf of a differently named osu domain. And then include that second domain in the osu group.
But, suppose you didn't want to do that.. and instead wanted to have the osu origin in BOTH incommon and the osu federation.....
how would that affect your target side algorithms?
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- Trust metadata for discussion, Scott Cantor, 05/14/2003
- Re: Trust metadata for discussion, Steven_Carmody, 05/14/2003
- RE: Trust metadata for discussion, Scott Cantor, 05/14/2003
- RE: Trust metadata for discussion, Steven_Carmody, 05/14/2003
- RE: Trust metadata for discussion, Scott Cantor, 05/14/2003
- RE: Trust metadata for discussion, RL 'Bob' Morgan, 05/14/2003
- Re: Trust metadata for discussion, Walter Hoehn, 05/14/2003
- RE: Trust metadata for discussion, Scott Cantor, 05/14/2003
- RE: Trust metadata for discussion, RL 'Bob' Morgan, 05/14/2003
- Re: Trust metadata for discussion, Walter Hoehn, 05/14/2003
- RE: Trust metadata for discussion, Scott Cantor, 05/14/2003
- RE: Trust metadata for discussion, Steven_Carmody, 05/15/2003
- RE: Trust metadata for discussion, RL 'Bob' Morgan, 05/14/2003
- RE: Trust metadata for discussion, Steven_Carmody, 05/14/2003
- RE: Trust metadata for discussion, Scott Cantor, 05/14/2003
- Re: Trust metadata for discussion, Steven_Carmody, 05/14/2003
Archive powered by MHonArc 2.6.16.