shibboleth-dev - RE: Update on AA plans
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: "'Walter Hoehn'" <>
- Cc: <>
- Subject: RE: Update on AA plans
- Date: Mon, 1 Nov 2004 11:43:10 -0500
- Organization: The Ohio State University
> David's point about fishing is well taken. We have discussed adding
> authZ regarding which SPs can use which NameMappings, but haven't
> implemented it yet. I think this is on the 1.3 TODO list.
Right, I think this is the only thing missing in terms of easily permitting
DN-based queries for stand-alone (i.e. no subject confirmation) assertions.
I use Kerberos-principal-based queries within OSU, but I had to actually
firewall off that listener and use a separate AA deployment because I can't
prevent arbitrary SPs from using it.
I think all that's needed is a unification of the RelyingParty constraints
on HS name mapping to cover the AA component.
-- Scott
- Update on AA plans, Keith Hazelton, 11/01/2004
- Re: Update on AA plans, Steven_Carmody, 11/01/2004
- Re: Update on AA plans, David L. Wasley, 11/01/2004
- Re: Update on AA plans, Walter Hoehn, 11/01/2004
- RE: Update on AA plans, Scott Cantor, 11/01/2004
- Re: Update on AA plans, Von Welch, 11/07/2004
- Re: Update on AA plans, Walter Hoehn, 11/01/2004
- Re: Update on AA plans, Von Welch, 11/07/2004
- Re: Update on AA plans, David L. Wasley, 11/01/2004
- Re: Update on AA plans, RL 'Bob' Morgan, 11/01/2004
- Re: Update on AA plans, Steven_Carmody, 11/01/2004
Archive powered by MHonArc 2.6.16.