shibboleth-dev - RE: Non-web scenarios
Subject: Shibboleth Developers
List archive
- From: "Diego R. Lopez" <>
- To: Scott Cantor <>
- Cc: , ,
- Subject: RE: Non-web scenarios
- Date: 03 Oct 2003 00:52:24 +0200
> Maybe I'm confused, but this seems off. There's already a SAML binding
> that works for basic synchronous query/response, and since defining
> new bindings is a harm to interop, it hasn't been done since the
> original one was defined. Not to say it'll never happen, but it will
> have to be something you can't do with SOAP/HTTP.
Well, you can't make a Jabber server use its native protocol to make
a query and read a response. I think that using a XMPP binding for
SAML could make sense if it is confined to implement a gateway allowing
a Jabber server make authZ decisions by means of the data received
inside a XMPP message.
The SOAP binding is the only "outer binding", and the Jabber server
maintains its only XMPP speaking.
> Additionally, the benefit we want here is trust delegation. Rather
> than having the jabber servers trust each other directly, the goal is
> to let the chatroom trust only the SAML authorities (via a federation,
> bilateral trust, or whatever) and then it can use that trust fabric to
> allow the other server to talk to it about a user. Otherwise, you have
> to implement n x n trust relationships among all the application
> servers, and federations don't really buy you much.
Right. That's a very important point we all have to be in mind when
walking beyond the web scenarios.
--
"Esta vez no fallaremos, Doctor Infierno"
Diego R. Lopez
RedIRIS
The Spanish NREN
Tel: +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------
- Re: Non-web scenarios, Diego R. Lopez, 10/02/2003
- <Possible follow-up(s)>
- RE: Non-web scenarios, Scott Cantor, 10/02/2003
- RE: Non-web scenarios, Diego R. Lopez, 10/02/2003
- RE: Non-web scenarios, Scott Cantor, 10/02/2003
- RE: Non-web scenarios, Diego R. Lopez, 10/02/2003
- RE: Non-web scenarios, Scott Cantor, 10/03/2003
Archive powered by MHonArc 2.6.16.