
shibboleth-dev - Re: OS X info, webDAV use case

Subject: Shibboleth Developers

  • Subject: Re: OS X info, webDAV use case
  • Date: Thu, 25 Sep 2003 15:58:45 -0400

Some of the use cases put forward in response to my request for "non-browser non-web applications" fall into a category I'll label "sort-of web". I'd put WebDAV and the Darwin Streaming Server into this category. (There are other categories; I'll discuss those in a separate note.)

WebDAV rides atop http. Clients speak http; one of the most popular server implementations is the apache mod_dav module. The SS can seemingly be accessed in a number of ways... but after much tutoring by someone from Apple, I'm leaning toward believing that ultimately some kind of client gets run on the desktop (perhaps triggered from a web browser; the client might be QuickTime Player, RealPlayer, Windows Media Player, etc), and the client speaks RTSP to the SS. The RFC describing RTSP includes this text:

D.1.2 Authentication-enabled

In order to access media presentations from RTSP servers that require
authentication, the client MUST additionally be able to do the
following:
* recognize the 401 status code;
* parse and include the WWW-Authenticate header;
* implement Basic Authentication and Digest Authentication.

so, yes, RTSP is somewhat like HTTP...... and if I protect a movie within SS, my player pops up a dialog that looks a lot like a browser's Basic Authn dialog.

So those are the two I'm currently calling "sort-of web". Server sides for both implement authn in typical web server fashion (DAV can use whatever is configured into the apache server; RTSP will use Basic or Digest). And both will typically have a non-browser client in the desktop.

My question is -- how would we like shibbolized versions of these to work?

-- modify the webdav client to do shib in some fashion?

-- or, shib protect the webdav target, but have the target supply something other than a handle to the AA, when requesting attributes? (eg cert, some sort of userid, etc)

-- have the AA check out-of-band for "presence" before releasing attributes (eg jabber, etc)

-- I don't think it's useful to say that the AA would only use the default policy in this case -- presumably, that releases only a bare minimum of attributes, and presumably something more than that would be needed to access protected webdav areas....
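
An added example, not part of the original post: the three client duties listed in the quoted D.1.2 text (recognize the 401, parse WWW-Authenticate, answer with Basic or Digest), written in Python. The sample response, the function names, the credentials and the URL are constructed for illustration, and the Digest computation assumes the challenge carries no qop parameter.

```python
import base64, hashlib, re

# Constructed sample: an RTSP 401 reply offering both schemes named in D.1.2.
SAMPLE_401 = (
    "RTSP/1.0 401 Unauthorized\r\n"
    "CSeq: 2\r\n"
    'WWW-Authenticate: Digest realm="movies", nonce="abc123"\r\n'
    'WWW-Authenticate: Basic realm="movies"\r\n'
    "\r\n"
)

PARAM = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s,]+))')  # key="quoted" or key=token

def parse_challenges(response):
    """Return (status, {scheme: params}) from a response's WWW-Authenticate headers."""
    head = response.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    challenges = {}
    for line in head[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "www-authenticate":
            continue
        scheme, _, rest = value.strip().partition(" ")
        challenges[scheme.lower()] = {k.lower(): q or u for k, q, u in PARAM.findall(rest)}
    return status, challenges

def md5hex(s):
    return hashlib.md5(s.encode()).hexdigest()

def authorization(challenges, user, password, method, uri):
    """Build an Authorization header value, preferring Digest over Basic."""
    if "digest" in challenges:
        c = challenges["digest"]
        ha1 = md5hex(f"{user}:{c['realm']}:{password}")
        ha2 = md5hex(f"{method}:{uri}")
        resp = md5hex(f"{ha1}:{c['nonce']}:{ha2}")  # no-qop form of the Digest response
        return (f'Digest username="{user}", realm="{c["realm"]}", '
                f'nonce="{c["nonce"]}", uri="{uri}", response="{resp}"')
    if "basic" in challenges:
        token = base64.b64encode(f"{user}:{password}".encode()).decode()
        return f"Basic {token}"  # base64 is encoding only; the password is recoverable
    raise ValueError("no supported scheme offered")
```

Either way the client holds the user's password and answers a challenge from the server directly, which is the behaviour the questions in this message have to work around.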




