shibboleth-dev - Re: Multiple targets in a single domain?

Subject: Shibboleth Developers

List archive

Re: Multiple targets in a single domain?

From: "Diego R. Lopez" <>
To:
Subject: Re: Multiple targets in a single domain?
Date: Thu, 01 Jul 2004 09:28:17 +0200

> An origin may attempt to release the PersonPrincipalName
> for instance, to example.edu/team1/ but not to example.edu/team2/.
> All it's really doing is making it only slightly more difficult
> for team2 to get the user's principal name -- because the browser
> will not protect team1's session data from the team2 site.

That's why PAPI uses a symmetric key for encrypting all session
cookies. Each target has its own key so even in the case the browser
discloses cookies to targets in the same domain name, it remains opaque
to the others. I think that implementing this inside the Shib target
would not be difficult at all.

--
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez

Red.es - RedIRIS
The Spanish NREN

e-mail:

jid:

Tel: +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------

Re: Multiple targets in a single domain?, Diego R. Lopez, 07/01/2004
- RE: Multiple targets in a single domain?, Scott Cantor, 07/01/2004
  - RE: Multiple targets in a single domain?, Jim Fox, 07/01/2004
    - RE: Multiple targets in a single domain?, Scott Cantor, 07/01/2004
      - RE: Multiple targets in a single domain?, Jim Fox, 07/01/2004
        
        RE: Multiple targets in a single domain?, Scott Cantor, 07/01/2004
        
        RE: Multiple targets in a single domain?, Paul B. Hill, 07/01/2004
      - Re: Multiple targets in a single domain?, Michael A. Grady, 07/01/2004
        
        Re: Multiple targets in a single domain?, Jim Fox, 07/01/2004
        
        RE: Multiple targets in a single domain?, Scott Cantor, 07/01/2004

List archive

Re: Multiple targets in a single domain?