shibboleth-dev - Re: SHIB design call, monday (11/17), 3:00 pm edt, noon pdt

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: Re: SHIB design call, monday (11/17), 3:00 pm edt, noon pdt
  • Date: Tue, 18 Nov 2003 11:38:46 -0500

At 2:55 PM -0500 11/17/03, Walter Hoehn wrote:
Seems to me that this is another shib profile, as opposed to a java target feature. No reason it couldn't be implemented in java and share code with the java target, though.

I think there are a few concerns here, including the one you mention:

1) developing a non-browser based profile.

2) apps like the LionShare client/server (ie apps using an over the wire protocol other than HTTP/SOAP) are going to have to figure out how to transport SAML assertions from one end to the other... presumably by binding these assertions in some fashion to their existing protocol.... this is their problem, not ours (-:

3) some portion of apps like the LionShare will probably want to use OpenSAML to build, send, receive, and parse queries to an AA

4) apps like the LionShare server will probably want to use OpenSAML to parse and validate the SAML assertions that they receive

5) apps like the LionShare server may want to use functionality found in portions of the Shib target (eg manage Shib/SAML session info, AAP processing, etc)

6) apps like the LionShare server will probably want to use the RM functionality available with the Shib java target impl......

Does this make sense?

If yes, then what are the issues for the java target impl?


-Walter


wrote:

At 1:08 PM -0500 11/14/03,

wrote:

2) Continue last monday's discussion of the native java target version, develop a strategy for the initial implementation, and bring this discussion close to closure.

Following last week's discussion, Howard has UPDATED his paper titled "Shibboleth Java Target (Proposal)". The edited version of Howard's paper is available at:

http://stc.cis.brown.edu/~stc/Projects/Shibboleth/Version-2/Java/draft-gilbert-javatarget-01.html

Note: the changes are highlighted in yellow......


I'd like to add a fourth possible configuration for the java target -- for use within a standalone java application, running without a servlet container. An example of this would be the LionShare client, a project recently funded by Mellon. Hopefully, this would just be a different wrapper around the core shib functionality. In these cases, there's no browser involved. And, maybe, the initial Assertions arrive as part of the application data stream, and the app then hands them off to the shib library.

I also would like to suggest that the document include a section on Authz, since it's likely that the functionality provided by the servlet container will be inadequate.

