
shibboleth-dev - RE: Multiple targets in a single domain?

Subject: Shibboleth Developers

  • From: "Paul B. Hill" <>
  • To: "'Scott Cantor'" <>, "'Jim Fox'" <>
  • Cc: <>
  • Subject: RE: Multiple targets in a single domain?
  • Date: Thu, 1 Jul 2004 13:17:06 -0400

Hi,

Jim, Scott, and I talked about this during the reception held last night.

>> In any case, the security hole is smaller than I first thought.
>> It is more of a trust thing, as you said a long time ago.
>> Although I'd still advise not running a serious application on
>> a system where I didn't trust all the other users.
>
>That's good advice no matter what you're doing, certainly.

If I may summarize some of the conclusions:

Now that the Shibboleth Project has gone through a couple of releases we are
all developing a much better idea of the development scope. This means that
we have arrived at a time when we need some documents describing best practices
for deployments. It also means that our evangelists need to be very careful
about some of the scenarios that we describe.

It is clear from the discussion that releasing attributes to a server that
hosts code from multiple parties raises some security considerations that we
have previously not highlighted. A best practices document should certainly
have a section that talks about the case where a higher-ed site may have a
web server where students may run arbitrary CGI or ASP code. I believe that
Scott and I feel that the security concerns in such an environment extend
beyond the issue of having multiple targets asking for different attributes
in the same domain.

Paul





