Skip to Content.
Sympa Menu

shibboleth-dev - Re: Work items, next W2K+ target package

Subject: Shibboleth Developers

List archive

Re: Work items, next W2K+ target package


Chronological Thread 
  • From: Scott Cantor <>
  • To: Howard Gilbert <>,
  • Subject: Re: Work items, next W2K+ target package
  • Date: Mon, 17 Nov 2003 14:20:58 -0500

On 11/17/03 2:09 PM, "Howard Gilbert"
<>
wrote:

> A COM solution appears to be necessary if we are to support classic
> interpreted ASP scripts. There may also be some advantage to using logic in
> a COM component over C logic in an ISAPI filter (because of the difficulty
> of developing and debugging ISAPI).

I've done both. ISAPI is easier to develop and to debug, in C++ anyway. The
advantage of COM is getting it out of the core server process, and out of
the control of the IIS server admin.

> However, if you only consider the new ASP.NET environment of the .NET
> Framework, then a much more elegant solution presents itself. Classic IIS
> only supported Windows Authentication for accounts in AD. ASP.NET provides
> for Application-Managed authentication for principals that are not in the
> domain based on application defined roles.

I think this all fine, but I'm far from convinced that there aren't
surprises in there for people trying to cut off Microsoft's server from
their infrastructure. Microsoft doesn't tend to make that easy.

If people have done this before, I'd feel more confident that it will work.

Secondly, is there support in their data model for having arbitrary
attributes, or just roles? Roles aren't going to be good enough.

-- Scott




Archive powered by MHonArc 2.6.16.

Top of Page