Shibboleth Developers

[Keith Hazelton <>]

Scott:

Looks like you're saying look outside Shib proper for the tools to roll 
this kind of app, or wait for Shib/Lib/SAML convergence.

          --Keith
_____________________
On Wednesday, Dec 3, 2003, at 19:18 America/Chicago, Scott Cantor wrote:

> > Would an approach like that below be a foundation on which to build
> > into the app the ability to know the level of assurance of the current
> > session and, at will, ask for a higher level.  Seems like you'd need a
> > round trip all the way back to the WebISO login step with information
> > flowing and being processed both directions.
>
> Liberty already supports this kind of thing, as do some Web-ISOs. SAML 
> 2.0
> will standardize this along with a possible vocabulary for describing
> authentication requirements and context.
>
> I believe there are certainly use cases for SOAP proxies and credential
> translation, but I think they're what you use when don't have 
> end-to-end
> capability between the application and the identity provider or you 
> simply
> have intermediaries by design (delegation, for example).
>
> -- Scott
________________________________________________________
Keith Hazelton                  Senior IT Architect, UW-Madison
(608) 262-0771                  Division of Info. Technology
(608) 877-0977 (home)           1210 W. Dayton St., rm. 2164
http://arch.doit.wisc.edu/keith      Madison, WI  53706