shibboleth-dev - Re: Non-web scenarios
Subject: Shibboleth Developers
- From: "Diego R. Lopez"
- To: Peter Saint-Andre
- Subject: Re: Non-web scenarios
- Date: 02 Oct 2003 14:55:32 +0200
> Such requests are answered by the user's server, not the user's
> client. This enables us to have some control server-side over a user's
> profile from the SAML perspective. So the chat service pings the
> user's server, and the user's server replies (using our triumphant but
> yet-to-be-developed SAML-over-XMPP spec). There is no client-side work
> to do at all, no special clients required, everyone can use
> off-the-shelf Jabber clients and there is no need for
> lockdowns on allowable clients. This is in line with the Jabber Way of
> shunting complexity on to servers and components, thus keeping clients
> as simple as possible.
So that means that it is not necessary to extend Jabber clients with
AA knowledge, but you'll have to do so with servers. Just to use the
scenario of the chat room, what I intended to say in my message was:
1) The chat room is restricted by an authorization rule saying "Only
members of the Avengers can enter this room"
2) A user (let's say, captain.america@marvel) tries to enter this room
3) The server must use a handle somehow conveyed by the user (from its
configuration, from the client configuration, in a specific message,
asking a handle service using the user ID) to contact the
appropriate Attribute Authority and ask whether Captain America is
a member of the Avengers.
What you say (and I think that's good news) is that most, if not all,
of the effort can be done at the server: plain Jabber clients could do
in this more identity-aware world of the future without change. I'm
going to ask our Jabber-minded guy (Jose-Manuel Macias, who is also on
the list) to look into this more deeply: I definitely like the idea.
Best regards,
--
"This time we will not fail, Doctor Infierno"
Diego R. Lopez
RedIRIS
The Spanish NREN
Tel: +34 955 056 621
Mobile: +34 669 898 094
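
Added example, not part of the original message or of any Shibboleth or Jabber code: a Python sketch of the server-side flow discussed above, where the user's home server conveys an opaque handle and the chat room asks that domain's Attribute Authority about membership. All class, function and attribute names and the five-minute handle lifetime are assumptions, and the in-process method calls stand in for the SAML-over-XMPP exchange that the thread says is not yet specified.

```python
import secrets
import time

class AttributeAuthority:
    """Home-server side: issues opaque handles and answers attribute queries."""
    def __init__(self, domain, directory, handle_ttl=300):
        self.domain = domain
        self._directory = directory      # user -> {attribute: {values}}
        self._handles = {}               # handle -> (user, expiry time)
        self._ttl = handle_ttl           # assumed lifetime in seconds

    def issue_handle(self, user, now=None):
        now = time.time() if now is None else now
        handle = secrets.token_urlsafe(16)   # opaque: reveals nothing about the user
        self._handles[handle] = (user, now + self._ttl)
        return handle

    def has_attribute(self, handle, name, value, now=None):
        now = time.time() if now is None else now
        entry = self._handles.get(handle)
        if entry is None or entry[1] < now:
            return False                 # unknown, forged or expired handle
        return value in self._directory.get(entry[0], {}).get(name, set())

class ChatRoom:
    """Chat-service side: enforces 'only members of X can enter this room'."""
    def __init__(self, name, required, authorities):
        self.name = name
        self.required = required         # (attribute, value) pair
        self.authorities = authorities   # trusted domain -> AttributeAuthority
        self.occupants = set()

    def try_enter(self, jid, handle, now=None):
        aa = self.authorities.get(jid.rpartition("@")[2])
        if aa is None:
            return False                 # no trusted AA for this domain: fail closed
        if not aa.has_attribute(handle, *self.required, now=now):
            return False
        self.occupants.add(jid)
        return True

def join_via_home_server(aa, room, user):
    """The home server does the AA-related work; the client only asks to join."""
    return room.try_enter(f"{user}@{aa.domain}", aa.issue_handle(user))

# Constructed sample data for the scenario in the message.
MARVEL = AttributeAuthority("marvel", {
    "captain.america": {"member": {"Avengers"}},
    "doctor.doom": {"member": {"Masters of Evil"}},
})
ROOM = ChatRoom("avengers-hq", ("member", "Avengers"), {"marvel": MARVEL})
```

The room never sees a credential from the client: it decides on the AA's answer alone, and every failure path (untrusted domain, bad or stale handle, missing attribute) results in denial.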