Shibboleth Developers

[Tom Scavo <>]

On Thu, 17 Mar 2005 12:51:10 -0600, Walter Hoehn 
<>
 wrote:
> There isn't anything in place that does this.  I'm trying to imagine
> something generic that does it and isn't more complicated for a site
> than just writing a custom mapping according to their needs...

What about LionShare?  LionShare will require the following
NameMapping element, I believe:

<!-- CryptoShibHandle -->
<NameMapping
xmlns="urn:mace:shibboleth:namemapper:1.0"
id="..."
format="urn:mace:shibboleth:1.0:nameIdentifier"
type="CryptoHandleGenerator"
handleTTL="1800"/>

Doesn't that preclude the following NameMapping element?

<!-- SharedMemoryShibHandle -->
<NameMapping
xmlns="urn:mace:shibboleth:namemapper:1.0"
id="..."
format="urn:mace:shibboleth:1.0:nameIdentifier"
type="SharedMemoryShibHandle"
handleTTL="1800"/>

If the NameMapper class invoked the two mappings in sequence
(SharedMemoryShibHandle, then CryptoShibHandle), wouldn't that solve
the problem?

> I might be wrong, but I don't envision this being a common use case.

Well, GridShib is a use case, it seems.  GridShib wants to "own" the
X509SubjectName format, but surely there are deployments that are
currently using this format in other ways.  Without some kind of
chained mapping, the two will not coexist.

Thanks,
Tom