shibboleth-dev - Re: Shibboleth and Sympa
Subject: Shibboleth Developers
List archive
- From: Aumont - Comite Reseaux des Universites <>
- To:
- Subject: Re: Shibboleth and Sympa
- Date: Fri, 17 Oct 2003 08:08:37 +0200
Dear Bob,
Here are some more comments about how Sympa (or any mailing list manager) should act with Shib.
Great we will use it in Sympa authorization scenarios process and it will be possible for some operation (mainly listmaster admin operation) to require a particular authentication method (X509).We do. SAML authentication statements contain an element that does this.
For example, when authenticating with the UW origin the target gets:
HTTP_SHIB_AUTHENTICATION_METHOD ==
"urn:oasis:names:tc:SAML:1.0:am:password"
This discussion started because some Shib designer says that users have multiple email addresses and may want to subscribe with "alternate email addresses". Right ? A mailling list server should not allow anyone to subscribe to anylist with an email address which corresponding mailbox is not under his control . Right ? Well, if email attributes herited by Sympa from Shib authentication are unverified email addresses , you will just have to configure Sympa in order to ignore these attributes. Sympa already allows alternate email adresses to be declared by the users. On this opposite, if email attributes herited by Sympa from Shib authentication are verified emails addresses, it will be possible to configure Sympa to accept any of those email addresses for subscription, unsubscription etc.I'm very surprised ; but maybe I misunderstood you : Are you supposing
that we can't trust email addresses published in home organization's
LDAP directory, ie some email box could not owned by the related user ?
This is the only hypothesis made by Sympa...
You can "trust" them, but you have to understand what they mean. And yes,
my point exactly is that in the general case there is no guarantee that an
email address listed for a user is under the control of that user.
It's just a matter of Sympa configuration to define what Shib attribute provide a trusted email address.
Serge Aumont
Serge Aumont
- Shibboleth and Sympa, Olivier Salaun - CRU, 10/08/2003
- Re: Shibboleth and Sympa, RL 'Bob' Morgan, 10/08/2003
- Re: Shibboleth and Sympa, Olivier Salaun - CRU, 10/09/2003
- Re: Shibboleth and Sympa, RL 'Bob' Morgan, 10/16/2003
- Re: Shibboleth and Sympa, Olivier Salaun - CRU, 10/09/2003
- RE: Shibboleth and Sympa, Scott Cantor, 10/08/2003
- <Possible follow-up(s)>
- Re: Shibboleth and Sympa, Aumont - Comite Reseaux des Universites, 10/17/2003
- Re: Shibboleth and Sympa, Steven_Carmody, 10/17/2003
- Re: Shibboleth and Sympa, RL 'Bob' Morgan, 10/20/2003
- Re: Shibboleth and Sympa, RL 'Bob' Morgan, 10/08/2003
Archive powered by MHonArc 2.6.16.