
shibboleth-dev - LionShare use case

Subject: Shibboleth Developers

  • Subject: LionShare use case
  • Date: Fri, 19 Sep 2003 13:45:15 -0400



LionShare is an attempt to bring P2P file sharing to an academic environment ( http://p2p.libraries.psu.edu/ ). The starting point is the LimeWire software (yes, the RIAA's favorite). The evolution of LimeWire to LionShare v1 added Kerberos-based authentication. There is interest in exploring what it would mean to add Shibboleth functionality to LimeWire. This is a first draft of a use case exploring what that might mean.

Context: using Shibboleth 1.1 terms and constructs. Using enterprise-based Federations.

The user launches the LionShare application. The application uses the local enterprise authn mechanism (e.g. Kerberos, PKI, whatever) to obtain credentials for the user. LionShare connects to the local Handle Dispensing Service and presents the user's credentials. After a successful authn, the HDS generates and signs a Shibboleth-compatible SAML Authn Assertion (i.e. it contains a Shib handle), and returns it to the LionShare client.

The LionShare client connects to another LionShare entity, and presents the signed Authn Assertion. The LionShare entity validates the signature on the Assertion, and then ensures that it recognizes the name of the signer as a trusted member of the Federation. The LionShare entity creates a Shib session associated with the client's IP address, and saves the Authn Assertion.

The LionShare client requests that the LionShare entity initiate a file download. The LionShare entity locates the appropriate session, and recovers the Authn Assertion. The entity opens a connection to the AA named in the Authn Assertion, and asks for attributes. The AA performs its normal processing, and returns an Attribute Assertion.

The LionShare entity accepts the attributes, and performs AAP processing. The LionShare entity then calls the Access Control engine (XACML?), passing the name of the requested resource and the set of attributes. The Access Control engine returns a YES decision. The entity initiates the download.


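The receiving entity's side of the use case above, as an added sketch that is not part of the original post or of any Shibboleth or LionShare code: assertion acceptance, session lookup by client IP, AAP filtering and a default-deny access decision. HMAC stands in for the XML signature the HDS would apply, and every name, key, host and policy entry here is a constructed assumption.

```python
import hashlib
import hmac
import json

# Constructed federation metadata: trusted signer name -> verification key.
# HMAC is a stand-in for the XML signature a real HDS would produce.
FEDERATION = {"hds.example-a.edu": b"key-a"}
# Constructed AAP: attribute values each origin is allowed to assert.
AAP = {"hds.example-a.edu": {"affiliation": {"student", "faculty"}}}
# Constructed access policy: resource -> (attribute, required value).
POLICY = {"/shared/course-notes.pdf": ("affiliation", "student")}
SESSIONS = {}  # client IP -> accepted authn assertion

def sign(assertion, key):
    """Sign a canonical JSON form of the assertion (stand-in signature)."""
    body = json.dumps(assertion, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def accept_assertion(client_ip, assertion, signature):
    """Accept only a validly signed assertion from a federation member."""
    key = FEDERATION.get(assertion.get("signer"))
    if key is None:
        return False  # signer name is not a trusted federation member
    if not hmac.compare_digest(sign(assertion, key), signature):
        return False  # assertion altered, or signed with another key
    SESSIONS[client_ip] = assertion  # session keyed by client IP address
    return True

def apply_aap(origin, attributes):
    """Drop attributes and values this origin is not allowed to assert."""
    allowed = AAP.get(origin, {})
    return {name: [v for v in values if v in allowed[name]]
            for name, values in attributes.items() if name in allowed}

def authorize_download(client_ip, resource, query_aa):
    """Recover the session, query the named AA, filter, then decide."""
    assertion = SESSIONS.get(client_ip)
    if assertion is None:
        return False  # no session for this address
    # query_aa is a hypothetical callable standing in for the AA connection.
    raw = query_aa(assertion["aa"], assertion["handle"])
    attrs = apply_aap(assertion["signer"], raw)
    rule = POLICY.get(resource)
    # Default deny: a resource with no rule is never released.
    return rule is not None and rule[1] in attrs.get(rule[0], [])
```

Because the session is looked up by IP address alone, any client that shares that address (for example behind the same NAT) maps to the same saved assertion.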


  • LionShare use case, Steven_Carmody, 09/19/2003
