shibboleth-dev - RE: Tomcat and certificate validation for SSL
Subject: Shibboleth Developers
List archive
- From: "Alistair Young" <>
- To: "Scott Cantor" <>
- Cc:
- Subject: RE: Tomcat and certificate validation for SSL
- Date: Tue, 14 Jun 2005 22:36:07 +0100 (BST)
- Importance: Normal
> And what exactly have we gained? Slowness? ;-)
hands up, I agree it'd be a tad slower! but what you gain is container
independence, i.e not having to tie shibb to Tomcat. Jetty is quite common
out there and people swear it's faster than Tomcat.
I just think that modifying the container will raise the barrier to entry
for shibboleth. Raising the validation up to the message level might be
more work for developers but at the end of the day, it's the users that
count.
The higher the validation goes in the stack, the lower the barrier to
entry for shibb adopters and the lower the blood pressure all round :)
Alistair
--
Alistair Young
Senior Software Engineer
UHI@Sabhal
Mòr Ostaig
Isle of Skye
Scotland
>> > There is no interoperable way to do the encryption
>>
>> what about just signing the Request then? and letting tls continue to
>> handle the confidentiality? without client-auth, as the
>> validation is done at the message level?
>
> That's fine, but we still need replay detection. And what exactly have we
> gained? Slowness? ;-)
>
> -- Scott
>
>
- Re: Tomcat and certificate validation for SSL, (continued)
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Howard Gilbert, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Chad La Joie, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Alistair Young, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Walter Hoehn, 06/14/2005
- Re: Tomcat and certificate validation for SSL, Tom Scavo, 06/14/2005
- RE: Tomcat and certificate validation for SSL, Scott Cantor, 06/14/2005
Archive powered by MHonArc 2.6.16.