Shibboleth Developers

["Josh Howlett" <>]

Just a couple of things:

1. WS-Security-Kerberos + ID-WSF ?

2. In network roaming scenarios (ie. eduroam), there is a growing
requirement for providing visitors with access to local network
resources such as printers and filestore, but provisioning Kerberos
credentials for these types of resources is difficult: scaling
conventional cross realm trust in kerberos is hard; and anyway Kerberos
is fragile in the presence of typical Institutional firewall policies. A
client-based middleware layer that exploited existing federation trust
and infrastructure to acquire appropriate credentials might therefore be
interesting.

best regards, josh.

> -----Original Message-----
> From: RL 'Bob' Morgan 
> [mailto:]
>  
> Sent: 12 July 2007 01:34
> To: Shibboleth Dev Team
> Subject: Re: Shibboleth and Kerberos Tickets
> 
> 
> I put up a drafty project page at:
> 
> https://spaces.internet2.edu/display/SHIB/Kerberos+Tickets+for
> +Middle+Tiers
> 
> including a features list, most of which are those posted by 
> Russ Allbery in a note a few months ago (thanks Russ).
> 
> Feel free to add/elaborate on features/requirements, or 
> propose a design. 
> I mentioned a couple of issues on the design page (eg Shib 2.x only?).
> 
>   - RL "Bob"
> 
> On Tue, 3 Jul 2007, Shilen Patel wrote:
> 
> > Hi Bob,
> >
> > We spoke last week regarding Shibboleth passing Kerberos tickets as 
> > attributes.  You also mentioned that you have some initial 
> > requirements gathered.  It would be very helpful for us to see what 
> > you have already come up with, so we would appreciate any 
> information you can provide.
> >
> > Also, do any of the Shibboleth developers have any thoughts or 
> > recommendations on how this feature should be implemented?
> >
> > Thanks,
> >
> > -- Shilen
> >
> >
>