shibboleth-dev - Re: Gridshib profile

Subject: Shibboleth Developers

  • From: "Von Welch"
  • To: Thomas Lenggenhager
  • Cc: Tom Scavo
  • Subject: Re: Gridshib profile
  • Date: Thu, 3 Mar 2005 18:44:32 -0600


Thomas,

You are correct in your understanding that the Grid Service would
need to be listed in the ARP and I agree adding that to our profile
would help.

> Shibbolizing Grid and LionShare services that way would require the
> availability of end-user tools with which a user would be able to
> configure his/her user specific ARP easily.

I believe all the ARP management tools I've seen are meant to be run by
the IdP admin. Do any user tools exist?

Von

Thomas Lenggenhager writes (10:41 January 31, 2005):
> In use case #1 (no pseudonymity) in point 6c it reads:
> AA validates that the Service has the right to ask about the given
> Subject. (This seems to mesh with Note #2 in the LionShare profile.)
>
> In my understanding, that implies that each shibbolized Grid service
> needs to be listed in the user specific ARP. Otherwise, if a shibbolized
> Grid service would be configured in the site ARP, that service could try
> to retrieve attributes from users who never tried to access that Grid
> service since there is no opaque handle involved in this transaction
> which normally protects from misuse.
>
> Provided I understood that correctly, explicitly stating that could help
> in understanding the process better.
>
> The same implicit statement is in use case #2 point 9.
>
> Will it be required to configure LionShare services in the user ARPs as
> well for the same reason?
>
> Shibbolizing Grid and LionShare services that way would require the
> availability of end-user tools with which a user would be able to
> configure his/her user specific ARP easily.
>
> Thomas


