shibboleth-dev - RE: Delegation
Subject: Shibboleth Developers
List archive
- From: "Scott Cantor" <>
- To: <>
- Subject: RE: Delegation
- Date: Thu, 26 Apr 2007 13:41:53 -0400
- Organization: The Ohio State University
> Is here any a simple idea of full delegation in Shibboleth version 1.3
> which it is possible more less quickly develop for me?
Tom answered this correctly, there isn't.
> The possible scenario is following:
> A user1 of SPa uses WS-Security SAML Token ( http://www.oasis-
> open.org/committees/download.php/16768/wss-v1.1-spec-os-
> SAMLTokenProfile.pdf <http://www.oasis-
> open.org/committees/download.php/16768/wss-v1.1-spec-os-
> SAMLTokenProfile.pdf> )
> to invoke a web service SPb on behalf of user2, who has an account on the
> SPb.
All of that is possible. It's how Liberty ID-WSF works, is very hard to do
with SAML 1.1, and is impossible to do with Shibboleth by itself.
It is neither simple, quick, nor in Shibboleth today.
-- Scott
- Delegation, Michael Boss, 04/26/2007
- RE: Delegation, Scott Cantor, 04/26/2007
Archive powered by MHonArc 2.6.16.