
shibboleth-dev - RE: Shibboleth OSID

Subject: Shibboleth Developers

  • From: "Scott Cantor" <>
  • To: <>
  • Subject: RE: Shibboleth OSID
  • Date: Thu, 17 Nov 2005 12:12:19 -0500
  • Organization: The Ohio State University

> > I think the shib distribution defaults to mapping EPPN to
> > REMOTE_USER. For instance, that's how the Shib Wiki works....
>
> I'd be surprised if this were in fact true (it would blow my
> understanding of name mappings out of the water :).

You two are discussing opposite ends. The Shib *SP* maps EPPN to
REMOTE_USER, and a Shib OSID would be an SP thing, not an IdP thing.

> If REMOTE_USER is of the form "user@domain" initially (and I can see
> why you might want this), a bunch of stuff on the back end has to
> change. Additionally, if you're using emailAddress or kerberos name
> identifiers (not common today, I know), the name mapping process
> itself becomes somewhat complicated. This probably argues for opaque
> identifiers more than anything else.

Yeah, probably so. But regardless, the IdP doesn't really make any
assumptions about REMOTE_USER at all because the default Name formats are
opaque. The assumptions bridge between REMOTE_USER on the front, and
resolver.xml on the back end.

-- Scott



