Shibboleth Developers

[Tom Scavo <>]

On 8/30/05, Scott Cantor 
<>
 wrote:
> > Our design or yours?  In any event, I don't see how one can avoid
> > HttpServletRequest and HttpServletResponse when designing around
> > attribute exchange.
> 
> My design. You can certainly avoid it if you're doing the client side of
> this (and the API isn't screwed up like now). Those are server-side
> interfaces. For that matter, nobody forced me to use them at all, and Howard
> explicitly asked me to refactor the server side of one of those interfaces
> so that it didn't have to operate on the actual servlet interface.
> 
> > servlet.jar has tons of concrete classes in it, all kinds of
> > useful stuff.
> 
> Then I'd say that's a bit of a concern, since AFAIK, servlet.jar would be
> container-specific, no? I guess we can slide by in this case, but it's
> definitely a bug in OpenSAML we need to fix.

I understand now, thanks.  In addition to removing the servlet.jar
dependency, it would be good if OpenSAML incorporated a metadata API. 
As it is, the tester relies on metadata classes from the Shib distro,
which we would like to avoid if possible.  Then the tester could be
distributed independent of Shib.

Thanks,
Tom