Skip to Content.
Sympa Menu

shibboleth-dev - Re: CryptoHandleGenerator

Subject: Shibboleth Developers

List archive

Re: CryptoHandleGenerator


Chronological Thread 
  • From: Tom Scavo <>
  • To: Scott Cantor <>
  • Cc: Shibboleth Development <>
  • Subject: Re: CryptoHandleGenerator
  • Date: Thu, 17 Mar 2005 14:56:39 -0500
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=JHMScVNO7PHHZSJIg8HdBpYvefDnui1NThfpHJd94ukw7dTOVNoqJqmouoovEm5sY+/GfQk3HKNDlLQy+uSfIlvNhxZCwz2qhZBvBCfNfgKRbmZqObtD9y0SEdFdTD3JenJAvQFvfQ0kStrmCq+fuo3gfVHevqjTyNdjhf/VgDw=
On Thu, 17 Mar 2005 14:21:21 -0500, Scott Cantor
<>
wrote:
> > If the NameMapper class invoked the two mappings in sequence
> > (SharedMemoryShibHandle, then CryptoShibHandle), wouldn't that solve
> > the problem?
>
> Yeah, but why bother? Just use the crypto handle. I can't imagine anyone not
> using it now. The shared memory thing is worthless for most production
> sites.

But the SharedMemoryShibHandle is the default mapping *and* it's
listed in the installation guide. So you're saying this is going to
change in 1.3?

> Your X.509 case is the only likely example, and almost nobody uses them. So
> it's a serious niche case.

What about the other SAML formats (unspecified, emailAddress, and
WindowsDomainQualifiedName)? Won't these have the same problem as
X509SubjectName?

Tom

Archive powered by MHonArc 2.6.16.

Top of Page