shibboleth-dev - Re: comments on 1.2 origin deploy guide
Subject: Shibboleth Developers
List archive
- From:
- To:
- Subject: Re: comments on 1.2 origin deploy guide
- Date: Wed, 28 Apr 2004 10:28:48 -0400
At 6:48 PM -0400 4/27/04, Walter Hoehn wrote:
15) section 4.a -- I've got a question -- the only RelyingParty element in the sample is named urn:mace:inqueue, but would clearly seem to be for localhost testing.... is the use of this name going to confuse people, when they move to step 2 (adding an IQ definition to this file....)?
Not sure I understand how it is "clearly for localhost testing". Looks like a standard inqueue setup to me.
well, if we intend to present a standard IQ setup in this section, we should say that.... explicitly
here's why I'm confused, tho...
these seem to indicate IQ membership:
defaultRelyingParty="urn:mace:inqueue"
providerId="urn:mace:inqueue:shibdev.edu">
<RelyingParty name="urn:mace:inqueue" signingCredential="foo">
<HSNameFormat nameMapping="crypto"/>
</RelyingParty>
while these seem to have been held over from the config file included with the distribution:
<FileResolver Id="foo">
<Key format="DER">
<Path>/conf/shib2.key</Path>
</Key>
<Certificate format="PEM">
<Path>/conf/shib2.crt</Path>
</Certificate>
</FileResolver>
</Credentials>
<FederationProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadataLoadWrapper" uri="/conf/sites.xml"/>
or... at least a couple of "things" in this second set might trigger some confusion:
-- putting the site's credentials into files called shib2.key and shib2.crt, "replacing" the distributed files, will just confuse me.... and since these credentials *might be* federation specific, I'd suggest we recommend somehow incorporating the site + fed names into the file name.....
-- elsewhere, we (used to?) refer to the IQ sites file as inqueue_sites.xml; here's the download info:
http://wayf.internet2.edu/InQueue/sites-1.2.xml
where the name is yet a third thing.....
again, because of the multi-fed question, I'd suggest including the fed name in the name for the IQ sites file.....
- comments on 1.2 origin deploy guide, Steven_Carmody, 04/27/2004
- Re: comments on 1.2 origin deploy guide, Walter Hoehn, 04/27/2004
- RE: comments on 1.2 origin deploy guide, Scott Cantor, 04/27/2004
- Re: comments on 1.2 origin deploy guide, Steven_Carmody, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Scott Cantor, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Steven_Carmody, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Scott Cantor, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Steven_Carmody, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Scott Cantor, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Steven_Carmody, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Scott Cantor, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Steven_Carmody, 04/28/2004
- RE: comments on 1.2 origin deploy guide, Scott Cantor, 04/28/2004
- Re: comments on 1.2 origin deploy guide, Walter Hoehn, 04/27/2004
Archive powered by MHonArc 2.6.16.