shibboleth-dev - RE: added functionality for shib target on W2K..
Subject: Shibboleth Developers
List archive
- From: Ryan Campbell <>
- To:
- Subject: RE: added functionality for shib target on W2K..
- Date: Mon, 23 Feb 2004 13:08:34 -0800 (PST)
Hi.
As Steve said, I've been contracted to do a few things with the Windows
ISAPI target. The main things were:
1. Add .htaccess style directives to the ISAPI target
2. Add a GUI integrated with the IIS MMC interface
3. Update/improve the installer
4. Make any changes necessary to the target and installer for IIS 6.
I've been lurking and tinkering for a bit now to get comfortable with how
the Shib architecture works. Thus far I have:
- Set up a stand-alone linux-apache origin and a Windows target
- Set up a Windows development environment.
- Completed a working prototype of directive support using the Windows
registry as the database store
- Completed a working prototype of an MMC extension for IIS to manage the
directives.
I don't yet have CVS access, but if anyone wants to take a look at the
prototypes, I can send a link to binaries and/or source. The GUI interface
dll is fairly small (88KB), stand-alone, and easy to install/uninstall.
The ISAPI target should drop in if you have a target set up using
shibtarget_4.dll and shib_5.dll, but it may prove easier to recompile from
diffs if you're using a much different version of the source tree than I
used.
These are just prototypes, so we should talk about some of the design
assumptions I used. One of the main open questions is where to store the
directives database. I initially chose the registry over the IIS metabase
and .htaccess flat files due to the following pros and cons:
Flat files
--------
Pros:
Easy to maintain without tools
Cross compatibility with Apache
Cons:
Speed
Shared resource management
More complex to maintain per-file directives
Much more complex to maintain different directives for virtual
hosts/directories
Metabase
----------
Pros:
XML file can be edited/repaired/transferred out of band
Custom data types
Easier to script changes (ADSI)
Automatic inheritance
Read speed
Cons:
Metabase schema must be modified
On IIS 4 and 5 systems: can only modify off-line metabase by hand
Some history with corruption issues
Registry
--------
Pros:
Stability
Cons:
Harder to script changes
----- Original Message -----
From: "Howard Gilbert"
<>
To:
<>
Sent: Sunday, February 22, 2004 4:31 PM
Subject: RE: added functionality for shib target on W2K..
> The future, however, is more likely to use an ASP.NET support.
Steve and I discussed this as a potential near-future project.
-Ryan Campbell
- added functionality for shib target on W2K.., Steve Carmody, 02/22/2004
- RE: added functionality for shib target on W2K.., Howard Gilbert, 02/22/2004
- RE: added functionality for shib target on W2K.., Steven_Carmody, 02/23/2004
- RE: added functionality for shib target on W2K.., Scott Cantor, 02/23/2004
- RE: added functionality for shib target on W2K.., Howard Gilbert, 02/23/2004
- RE: added functionality for shib target on W2K.., Scott Cantor, 02/23/2004
- RE: added functionality for shib target on W2K.., Ryan Campbell, 02/23/2004
- RE: added functionality for shib target on W2K.., Steven_Carmody, 02/23/2004
- RE: added functionality for shib target on W2K.., Howard Gilbert, 02/22/2004
Archive powered by MHonArc 2.6.16.