Shibboleth Developers

[Walter Hoehn <>]

A couple of comments.  Sorry if we've been over these before, but it's 
been a mighty long time since we've discussed it.

1) In section I.2a it seems that it would be more inline with current 
practice to place and IdP provider id in the certificate extension.  
This could then be used to lookup the set of valid attribute query 
endpoints.

2) Sections I.3 & I.4 also seem a little fishy.  Why must an AA be 
"uniquely" identified by a certificate?  Are you planning to use 
shibboleth metadata interfaces?

-Walter

On Jan 18, 2005, at 5:46 PM, Von Welch wrote:

> Below are pointers to our draft Grid-Shib profile describing, from a
> Shib perspective, how we plan Shib-Grid integration. These are
> refined versions of the scenarios I posted last January.
>
> They need a little preamble to set context to stand-alone and some
> polishing, but we'd be interested in any feedback from this group on
> the technical approach.
>
> The two documents are the same content, just different formats.
>
> http://grid.ncsa.uiuc.edu/GridShib/docs/GridShib-Profile-03.doc
> http://grid.ncsa.uiuc.edu/GridShib/docs/GridShib-Profile-03.pdf
>
> Von