shibboleth-dev - Re: Use case for origin independent groups of users

Subject: Shibboleth Developers

List archive

Re: Use case for origin independent groups of users

From: Derek Atkins <>
To: Thomas Lenggenhager <>
Cc:
Subject: Re: Use case for origin independent groups of users
Date: 30 Oct 2003 10:40:34 -0500

Thomas Lenggenhager
<>
writes:

> I do not know much of the JISC project. When you depend on attribute
> certificates they have to be stored in the directory of the origin site.
>
> With the proposed use case I would like to be independent of the
> organizational directories of the origin sites. Virtual organizations
> have minimal infrastructure. They have no own origin installation and no
> write access to the directories of the origin sites of their users.

If they have no trusted infrastructure then there is no way to maintain
a database of users of the group. An absolute requirement for such a
system is "the ability to maintain a list of users in a trusted database"
and, well, you've just re-defined an Attribute Authority!

> Thomas

-derek

--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH

PGP key available

Use case for origin independant groups of users, Thomas Lenggenhager, 10/28/2003
- Re: Use case for origin independant groups of users, Tom Barton, 10/29/2003
  - RE: Use case for origin independant groups of users, Scott Cantor, 10/29/2003
    - Re: Use case for origin independant groups of users, Tom Barton, 10/29/2003
      - RE: Use case for origin independant groups of users, Scott Cantor, 10/29/2003
  - Re: Use case for origin independant groups of users, Diego R. Lopez, 10/30/2003
  - Re: Use case for origin independent groups of users, Thomas Lenggenhager, 10/30/2003
    - Re: Use case for origin independent groups of users, Derek Atkins, 10/30/2003

List archive

Re: Use case for origin independent groups of users