Skip to Content.
Sympa Menu

shibboleth-dev - Re: WAYF and user "advice"

Subject: Shibboleth Developers

List archive

Re: WAYF and user "advice"


Chronological Thread 
  • From: "David L. Wasley" <>
  • To: Digant C Kasundra <>
  • Cc:
  • Subject: Re: WAYF and user "advice"
  • Date: Fri, 2 Jul 2004 20:53:13 -0700

Clearly a user in a known environment (e.g. a student going to a campus portal or library resource page) can be directed to the HS and bypass the WAYF. Two problems: they might not be a user in the "known environment" or they might have eligibilities based on identity in another environment. Also, there might be resources I want to use that aren't on my campus's portal or library page.

My idea was really more like setting an environment variable in Unix. It would be cool if web browsers had environment "settings" so that I could define, for example, HOME-1="UC Berkeley" and HOME-2="IEEE". Then I could edit my bookmarks (or better yet, the browser would support option macros for bookmarks) to specify http://www.jstor.com/shibentry.htnl?userhome=$HOME-1
or http://journals.ieee.com/index.html?userhome=$HOME-2
etc.

In other words, my suggested kludge would be a simple way that clueful users could add the "origin" name they want to use to URLs that they use frequently.

David

-----
At 2:07 PM -0500 on 6/30/04, Digant C Kasundra wrote:

My question would be where does that URL appear
(http://www.jstore.com/shibentry.html?userhome=UC%20Berkeley). If
that's a link somewhere, why not just use the URL that bypasses WAYF
altogether? That could also be bookmarked (most browsers let you
right-click a link and bookmark it).

-- DK

On Wed, 2004-06-30 at 13:17, David L. Wasley wrote:
<flame_target asbestos="on">

We've always said the answer to the WAYF is not a security issue
since a false answer simply results in failure to gain access. So
why not let the user give "advice" to the WAYF?

This might work in the following way. When the user first goes to a
new resource, the SHIRE (new term?) could look for a parameter of the
form userhome=<origin_name> - i.e.
www.jstore.com/shibentry.html?userhome=UC%20Berkeley

This parameter would be passed on to the WAYF and displayed as the
"default" origin, er, Credential Provider for the user. I'd guess
that in 90+% of the cases the user would simply hit RETURN.

If this was supported, then users could "bookmark" the URL (and
optionally add or even edit the userhome parameter) and then life
would be good. They could have bookmarked URLs with different
userhomes for the various origins that know them, etc.

Just a thought.

</flame_target>

David



  • Re: WAYF and user "advice", David L. Wasley, 07/03/2004

Archive powered by MHonArc 2.6.16.

Top of Page