Shibboleth Developers

[Tom Scavo <>]

On 10/13/05, Tom Scavo 
<>
 wrote:
> On 10/13/05, Scott Cantor 
> <>
>  wrote:
>
> > I just wonder
> > if it isn't better to do what I originally suggested, use a SAML assertion
> > issued by the IdP to authenticate to the MyProxy service. That of course
> > also gets you a subject identifier for the cert that will be valid at the
> > AA.
>
> Excellent idea!  I'll look at that more closely and see what the issues are.

I've gone over this thread numerous times but unfortunately I have
absolutely no idea how to implement this step:

> 1 Grid Client authenticates to SSO service (means unspecified)

Certainly you don't mean the current SSO service, which as we all know
is geared towards browser users.  I just don't know how a command-line
MyProxy Client can obtain a SAML authN assertion, from an existing
Shib component or otherwise.

We have a grid portal use case in the back of our minds, and we're
paying close attention to the delegation protocol you posted recently
(even if we are mired in SAML 1.1) but that is mostly irrelevant for
our non-browser use case AFAICT.

Thanks,
Tom