shibboleth-dev - LionShare use case for today's SHIB design call
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: LionShare use case for today's SHIB design call
- Date: Mon, 8 Mar 2004 12:14:42 -0500
A couple of big changes:
http://stc.cis.brown.edu/~stc/Projects/LionShare/Architecture/Federation/UseCases-03.html
1) Introduction of the "incremental Attribute PUSH Model". Both One-time-ARP and the original Attribute PUSH have been removed. In the original Attribute PUSH, the LS client, at startup, obtained all attributes relevant to the user from the local Attribute Authority and cached them. When it connected to a target, it removed the required Assertions from its local cache and PUSHed them. People were very concerned about the process of obtaining "all relevant attribute assertions".
Derek Morr from psu has proposed an "incremental Attribute PUSH Model". The LS client would know what attributes and values have to be provided to a target. It would look in its local cache for the required Attribute Assertions. It would use any it found there; if it needed others, it would contact the local AA and ask for those specific Assertions (and only those). Any newly obtained Assertions would be cached by the LS client. This should significantly narrow the scope of requests to the local AA.
2) Since the target is no longer contacting the origin site AA and asking for attributes, we no longer need a Shib Handle in the client cert ...... can anyone think of a reason?
- LionShare use case for today's SHIB design call, Steven_Carmody, 03/08/2004
Archive powered by MHonArc 2.6.16.