Skip to Content.
Sympa Menu

shibboleth-dev - Re: Sub: Web Portal + Shibboleth possibility ???

Subject: Shibboleth Developers

List archive

Re: Sub: Web Portal + Shibboleth possibility ???


Chronological Thread 
  • From: "Tom Scavo" <>
  • To:
  • Subject: Re: Sub: Web Portal + Shibboleth possibility ???
  • Date: Thu, 16 Nov 2006 17:35:46 -0500
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=C1NcWm0e4L0EKdZGJ2xs5di+ujKbZVs1oUTlpzyyYuXAJsYIPgiN93japjudiOHLrwmZ0zFrZV/3n0yc2wT8wE3IdQSvZjWSoqENHuZitPW4XJh7mA3MOXbczrD2MnNvKL1oN1LsFXYwkXqnSo07a6GWZ+Fjk0WQc7HHOc/NvkQ=
On 11/16/06, Venkata Krishna Ravula
<>
wrote:

A web portal communicates with the Shibboleth server
to authenticate a user. Then the Globus tool Kit trusts the portal and then
any service later requested by the user be provided by the Globus Tool kit
becauses it now trusts the portal.

Yes, grid communities are doing this today. OGCE does this, for
example. What's missing in today's deployments, however, is access
control.

We are currently working on a project that would push attributes to
Globus Toolkit by binding SAML attribute assertions to X.509 proxy
certificates. This wiki page gives the general idea:

https://authdev.it.ohio-state.edu/twiki/bin/view/GridShib/ScienceGateway

Note that the Portal/Gateway need not be shib-enabled. If it *is*
shib-enabled (Nate gave a pointer), the authentication context from
the shib-issued SSO assertion may be pushed to Globus Toolkit along
with attributes. This raises some interesting questions with respect
to attribute aggregation (which Nate can tell you more about :).

Hope this helps,
Tom

Archive powered by MHonArc 2.6.16.

Top of Page