Shibboleth Developers

[Ryan Muldoon <>]

Title: Re: OS X info, webDAV use case

I completely agree – the hard part of DAV support is getting real client support for actual HTTP standards.  My inclination is that Apple would be reasonably willing to adjust things if needed, since I’m pretty sure they can use neon to link against for their http support.  Microsoft could as well, but they are usually not so great about embracing standards.  So it isn’t so much that they would have to be convinced to support Shibboleth (as I doubt any of their big customers are clamoring for it), but that they need to support HTTP 1.1.  I have no access to a Windows machine anymore, but doesn’t the Web Folders stuff just use “IE technology”?  In that case, as long as it is a BASIC AUTH or a DIGEST AUTH type, shouldn’t it work?  Granted, it won’t work if you need to log on at a website, but if you just push a login/password request, won’t a dialog box just pop up?  As I recall with thinking about DAV with pubcookie, everything works so long as you’ve logged into login server with a browser first, then use web folders.  I’d imagine that it should be the same case with Shib.  But again, I can’t test this right now.

   --Ryan

On 9/24/03 11:41 AM, "Wilcox, Mark" <> wrote:

> The question is how do you entice the biggest DAV client of them all -- Microsoft, to change to support something Shibboleth when they SPENGO & Passport, since I don't think they're looking to support SAML?
>  
> I don't think that's a question of showing proof of concept of how it should work but rather MS has a business reason not to do SAML/Shibboleth at all. 
> Mark 
>  
> -----Original Message----- 
> From: Ryan Muldoon [mailto:] 
> Sent: Wed 9/24/2003 11:36 AM 
> To: Scott Cantor; Wilcox, Mark; ;  
> Cc: 
> Subject: Re: OS X info, webDAV use case
>
> > http://dav.sourceforge.net/
> > Has DavFS2 (for linux), which uses the neon library for DAV functionality.
> > Neon actually supports HTTP 1.1 (being that it is a reference library), so
> > redirects and such aren't a problem.  Using this along with something like
> > the auth frontend that I circulated over the summer should work for linux
> > filesystems just fine.  Of course, that only solves 1% of the client
> > problem, but at least it provides a proof of concept for other vendors.
> >
> >     --Ryan
> >
> > On 9/24/03 11:15 AM, "Scott Cantor" <> wrote:
> >
> > >> A final note -- I wonder if for DAV we should focus more on using Shib for
> > >> authorization and not authentication. That is if I know it's
> > >>  and unt.edu is in my federation can I call the unt.edu
> > >> origin server to see data about mewilcox?
> > >
> > > Well, that's one possibility. The other is to consider writing a file system
> > > extension for some popular systems that can do a redirect-based SSO. Doesn't
> > > really solve the client issue, but might help illustrate the concept for
> > > vendors.
> > >
> > > -- Scott
> > >
> > > ------------------------------------------------------mace-shib-design-+
> > > For list utilities, archives, subscribe, unsubscribe, etc. please visit the
> > > ListProc web interface at
> > >
> > >   http://archives.internet2.edu/
> > >
> > > ------------------------------------------------------mace-shib-design--
> > >
> > >