
shibboleth-dev - Re: Encryption key strategies

Subject: Shibboleth Developers

  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: Encryption key strategies
  • Date: Thu, 22 Jun 2006 10:05:44 -0400

On 6/22/06, Reimer Karlsen-Masur, DFN-CERT wrote:

> I was under the impression that Shib IdP and SP (and their components AAR
> and shibd) were always talking directly to each other (once the part with
> the WAYF server involvement was over). How is an architecture setup that has
> one or more intermediate systems between IdP and SP? Are there any proxies
> or load balancers between them?

Our project utilizes an IdP proxy to mediate access to federation IdPs:

https://authdev.it.ohio-state.edu/twiki/bin/view/GridShib/SAMLIdPProxy

The myVocs middleware environment is an IdP proxy implementation:

https://authdev.it.ohio-state.edu/twiki/bin/view/GridShib/MyVocs

Encryption might be used by the endpoints to hide attributes and other
data as it flows through the proxy.

> Or can this only happen if one is not using
> the Internet2 implementation of Shibboleth?

myVocs is implemented using off-the-shelf Shibboleth components, so
the diagrams in the above wiki topics are pure Shibboleth.

Tom


