shibboleth-dev - RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst
- Date: Mon, 27 Feb 2006 14:40:55 -0500
- Organization: The Ohio State University
> > 3) continuation of Shib 2 features discussion...
>
> Have you considered extending the IIS implementation of
> XMLAccessControl to read the ACL on a per-directory basis?
I think you mean "load the ACL from the directory", in which case my answer
is that it already supports that, in that you can externalize a pointer to
an ACL file anywhere in the file system that you want. But it requires an
explicit path pointer to avoid the need to actually know the URL->physical
path mapping. I have no idea how to do that in IIS, and not much interest in
learning.
I think static access control is rarely useful in a system like this. You
need graceful failure modes because attributes can be suppressed or just
fail to show up, and static rules preclude that. I think this encourages a
lot of fragile systems.
-- Scott
- SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Steven_Carmody, 02/27/2006
- Re: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Nathan Dors, 02/27/2006
- RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Scott Cantor, 02/27/2006
- RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Nathan Dors, 02/27/2006
- RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Scott Cantor, 02/27/2006
- RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Nathan Dors, 02/27/2006
- RE: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Scott Cantor, 02/27/2006
- Re: SHIB design call -- (2/27/2006) , 3:00 pm est, noon pst, Nathan Dors, 02/27/2006
Archive powered by MHonArc 2.6.16.