Shibboleth Developers

[Scott Cantor <>]

On 11/17/03 2:09 PM, "Howard Gilbert" 
<>
 wrote:

> A COM solution appears to be necessary if we are to support classic
> interpreted ASP scripts. There may also be some advantage to using logic in
> a COM component over C logic in an ISAPI filter (because of the difficulty
> of developing and debugging ISAPI).

I've done both. ISAPI is easier to develop and to debug, in C++ anyway. The
advantage of COM is getting it out of the core server process, and out of
the control of the IIS server admin.

> However, if you only consider the new ASP.NET environment of the .NET
> Framework, then a much more elegant solution presents itself. Classic IIS
> only supported Windows Authentication for accounts in AD. ASP.NET provides
> for Application-Managed authentication for principals that are not in the
> domain based on application defined roles.

I think this all fine, but I'm far from convinced that there aren't
surprises in there for people trying to cut off Microsoft's server from
their infrastructure. Microsoft doesn't tend to make that easy.

If people have done this before, I'd feel more confident that it will work.

Secondly, is there support in their data model for having arbitrary
attributes, or just roles? Roles aren't going to be good enough.

-- Scott