shibboleth-dev - Fwd: Re: Gridshib profile
Subject: Shibboleth Developers
- From: "Von Welch"
- Subject: Fwd: Re: Gridshib profile
- Date: Thu, 20 Jan 2005 08:32:29 -0600
Resend of bounce...
------- start of forwarded message -------
Reply-To: Von Welch
From: Von Welch
To: Walter Hoehn
Subject: Re: Gridshib profile
Date: Wed, 19 Jan 2005 20:36:47 -0600
Walter,
Thanks. My interpretation of your comments and resulting threads are
below.
Walter Hoehn writes (21:46 January 18, 2005):
> A couple of comments. Sorry if we've been over these before, but it's
> been a mighty long time since we've discussed it.
>
> 1) In section I.2a it seems that it would be more in line with current
> practice to place an IdP provider id in the certificate extension.
> This could then be used to lookup the set of valid attribute query
> endpoints.
As I understand what you are suggesting, an IdP id would be placed in
the extension; that IdP would be resolved by the service through the Shib
Metadata API (which uses a proprietary metadata file distributed by
some OOB method) to a set of one or more URLs to AAs associated with
that IdP.
Correct?
If so that approach sounds reasonable.
> 2) Sections I.3 & I.4 also seem a little fishy. Why must an AA be
> "uniquely" identified by a certificate?
As Tom mentioned, the intent is to allow authentication
of the AA to the service.
> Are you planning to use
> shibboleth metadata interfaces?
Is the suggestion here that the identity of the AA is available
through this interface?
If so, that could (and should) replace the separate certificate.
Von
>
> -Walter
>
> On Jan 18, 2005, at 5:46 PM, Von Welch wrote:
>
> >
> > Below are pointers to our draft Grid-Shib profile describing, from a
> > Shib perspective, how we plan Shib-Grid integration. These are
> > refined versions of the scenarios I posted last January.
> >
> > They need a little preamble to set context to stand-alone and some
> > polishing, but we'd be interested in any feedback from this group on
> > the technical approach.
> >
> > The two documents are the same content, just different formats.
> >
> > http://grid.ncsa.uiuc.edu/GridShib/docs/GridShib-Profile-03.doc
> > http://grid.ncsa.uiuc.edu/GridShib/docs/GridShib-Profile-03.pdf
> >
> > Von
------- end of forwarded message -------