Shibboleth Developers

the text is available here...

http://stc.cis.brown.edu/~stc/Projects/LionShare/Architecture/Federation/UseCases.html

please read this before the call.... its a work in progress... I 
think its currently complete, and will work... altho there are 
several aspects that are described that I'm not completely 
comfortable with. You'll note that it describes:

1) having the origin site run a KCA -- see 
http://www.nsf-middleware.org/documentation/NMI-R1/1/KX509KCA/

KX.509, from the University of Michigan, is a Kerberized client-side 
program that acquires an X.509 certificate using existing Kerberos 
tickets.

2) having the client obtain three different certificates... for different 
uses.

3) when initiating a download, the LS client dynamically creates a 
"temporary" ARP..... this is a brand new idea.... have fun with it 
(-:

Looking forward to a fun conversation!   (-: