Shibboleth Developers

["Diego R. Lopez" <>]

Hi,

Scott Cantor wrote:
>>Anyway, this document may be of interest:
>>
>>http://www.geant2.net/upload/pdf/GN2-05-192v6.pdf
> 
> 
> This is the eduGAIN stuff I'm been supposed to review at some point.

Yeah.

> 
>>It outlines infrastructure built on Shibboleth (the implementation)
>>that is mostly incompatible with Shibboleth (the specification).
> 
> 
> I know it's SAML 1.1-based, unfortunately, which is not exactly the best
> idea for something new

A couple of days ago, I was trying to explain this decision at the list
that  Steven has started in pursuing global Shibboleth domination onto
content providers:

The decision of starting with SAML 1.1 was due to the
fact that we were committed to be Shibboleth-compatible from the very
beginning, and it was not clear whether Shibboleth (and mostly the
currently running Shib-based federations) were going to move to 2.0 in
the short term.

Nevertheless, eduGAIN already intends to use SAML 2.0 metadata for the
inter-federation provider location and trust establishment and will
include 2.0 support in the second version (which is planned inside the
GEANT2 project itself).

> but presumably it's not spec compliant because it's
> addressing use cases that are not addressed by the spec?

That's pretty exact. eduGAIN web SSO profile is going to be based on
Shib, and eduGAIN attribute exchange (as is stated in the
document that Tom mentions) is designed to be compatible with Shib
IdPs and SPs. But we are envisaging other non-web based use cases,
as its use by elements in a network monitoring infrastructure.

Be goode,
-- 
"Esta vez no fallaremos, Doctor Infierno"

Dr Diego R. Lopez

Red.es - RedIRIS
The Spanish NREN

e-mail: 

jid:    

Tel:    +34 955 056 621
Mobile: +34 669 898 094
-----------------------------------------