shibboleth-dev - Shib and portals
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: Shib and portals
- Date: Wed, 24 Sep 2003 16:23:41 -0400
18-24 months ago, we had a quite a bit of discussion about how to integrate Shib and portals (or, more specifically, uportal). At that time, we stopped the discussion, because 1) the problem is hard, and 2) it was clear that we wouldn't be addressing this scenario with the initial implementation.
Now, we're begun discussions about the next version of Shib, and we're once again looking at this question.
So far, in conference calls, we've managed to revisit and tour much of the same landscape we explored all those many months ago. One of the popular discussion items is the basic model -- we go round and round on whether the portal can cache credentials and attributes or not. Should the portal obtain and hold a superset of all the attributes required by the various channels it contains, and pass these attributes on to the channels, or should each channel that needs shib attributes make a separate request back to the AA?
So far, there's been no obvious answer. One recent breakthrough, tho, has been to look at this from the trust perspective. And to ask "are there channels (applications) that would not trust the proxy to obtain and forward attributes on their behalf?". We can imagine that there *might be* intra-domain applications with this constraint; its easier to imagine inter-domain applications with this constraint. But, while we can imagine these situations, we also see that virtually all current portal deploys do cache credentials, and this seems to be quite acceptable to campuses. We certainly don't hear lots of screams about this.
And, so far, we don't have a concrete use case in front of us where the channel WILL NOT use forwarded attributes......
Can someone think of one?
------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/
------------------------------------------------------mace-shib-design--
- Shib and portals, Steven_Carmody, 09/24/2003
- Re: Shib and portals, David L. Wasley, 09/24/2003
- RE: Shib and portals, Scott Cantor, 09/24/2003
- <Possible follow-up(s)>
- RE: Shib and portals, Wilcox, Mark, 09/25/2003
- RE: Shib and portals, David L. Wasley, 09/25/2003
- Re: Shib and portals, David L. Wasley, 09/24/2003
Archive powered by MHonArc 2.6.16.