shibboleth-dev - RE: SHIB design call -- (2/21/2005), 3:00 pm est, noon pst
Subject: Shibboleth Developers
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: SHIB design call -- (2/21/2005), 3:00 pm est, noon pst
- Date: Mon, 21 Feb 2005 13:49:57 -0500
- Organization: The Ohio State University

See:
https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/TrustManagement
for some high level design discussion.

The short version...I think regardless of all other debates, we should dump
the trust file (good for Howard, he wasn't dumb enough to implement it) and
move anything in it we want to keep into metadata Extensions. I'll keep
supporting it for compatibility, but probably only one release with a
warning that it's gone as of 2.0 for sure.

This eliminates the potentially "extra" method in 1.3 of binding a key
directly to a provider, but would still support some kind of CA model if we
choose to keep that (and I think we have to, but that's JMO).

https://authdev.it.ohio-state.edu/twiki/bin/view/Shibboleth/KeyManagement
will address the lower-level questions about what it means to use a key
directly for signing and SSL.

-- Scott