Skip to Content.
Sympa Menu

shibboleth-dev - Non-web scenarios

Subject: Shibboleth Developers

List archive

Non-web scenarios


Chronological Thread 
  • From: "Diego R. Lopez" <>
  • To:
  • Cc:
  • Subject: Non-web scenarios
  • Date: 21 Sep 2003 22:06:29 +0200


said:
> I'd like to start collecting use cases for Shib in non-browser,
> non-web applications. Please email them to the list before monday's
> call. They should reference how the authentication assertion is
> obtained, and how assertions are transported and used.

A typical case is the use of authN assertions in instant messaging
systems (we are just starting to discuss about this in the brand new
I2IM group), so users can seamlessly:

* Obtain authorization to exchange messages with other users in the
same "group" (whatever a group is), without the usual
introduction/authorization process per each indiviual user

* Gain access to restricted rooms

* Initiate server to server interactions in order to access users/groups
in other servers: sort of what was called "application level multicast"
some time ago.

* . . .

The authentication assertion can be initially generated by the IM client
once the user has been identified: Data on how to get a fresh handle can
be easily stored in the client configuration. Other possible alternative
is to use a browser "helper" through a Web-ISO system that launches the
IM client with the appropriate handle.

Since Jabber messages are based on XML, including SAML assertions
inside them should not be very painful, as well as building server
plugins able to process the assertions in the federated style,
possibly using some external authorization engine (SPOCP? PERMIS?
XACML?).

Enjoy,
--
"Esta vez no fallaremos, Doctor Infierno"

Diego R. Lopez


RedIRIS
The Spanish NREN
Tel: +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--




Archive powered by MHonArc 2.6.16.

Top of Page