Shibboleth Developers

[Peter Murray <>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 3/20/05 2:52 PM, Scott Cantor wrote:
> Mark's note about privacy was very important, but you also haven't
> identified the protocol here. I seriously doubt that it's HTTP alone, that
> wouldn't make a great deal of sense. I assume it's SOAP. That makes this a
> web service, and there is nothing in the SAML browser profiles that
> addresses web services.

Yes -- Mark's comments are well taken, which gave rise to my original
misgivings.  Having the MSE at the core of broadcast search service
makes me nervous, and also allowing it to pass along arbitrary
attributes is really over the top.

And, whether it makes a great deal of sense or not, HTTP is the protocol
of choice.  Some MSEs "scrape" the HTML returned by the destination SP,
others use more advance protocols such as Z39.50 (where Shibboleth
wouldn't work) or custom "XML gateways" that are sort of like SOAP.
Quite frankly, it is a mess -- hence the reason NISO got the committees
together to address it.

Steven's suggestion to start with use cases that are subsets of the
general case seems sound.  At the very least, it might allow a platform
for the work of these two groups to continue.


Peter
- --
Peter Murray                       http://www.pandc.org/peter/work/
Assistant Director, Multimedia Systems  tel:+1-614-728-3600;ext=338
OhioLINK: the Ohio Library and Information Network   Columbus, Ohio
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCPiAv4+t4qSfPIHIRAsD6AKCuJTnUGDmsKoxV3xBp3gmuBJ7WzQCgoyx1
+Dy2b2C3RdRfZaaupGs+lf4=
=EjIQ
-----END PGP SIGNATURE-----