
shibboleth-dev - The Grid Use Case

Subject: Shibboleth Developers


The Grid Use Case


  • From: "Tom Scavo" <>
  • To: "Shibboleth Development" <>
  • Subject: The Grid Use Case
  • Date: Wed, 31 Oct 2007 10:56:55 -0400

This use case distills the common requirements of various grid
projects I've worked on, and so it might be called the "Grid Use
Case":

1. The IdP asserts an SSO assertion with the following characteristics:
   * The assertion is unencrypted
   * There is a digital signature on the <Assertion> element
   * The <AuthnContext> element distinguishes between two levels of assurance
   * The IdP asserts a persistent, non-reassignable identifier (encrypted)
   * The assertion may contain non-identity attributes such as ePSA (unencrypted)
2. The SP decrypts the identifier and maps it to a persistent, local
   identifier (account linking).
3. The SP resolves local attributes and issues a local attribute
   assertion with bound SSO assertion (in <Advice>).
4. SP exposes the local attribute assertion to the application.

Questions:

* Can the Shib IdP 2.0 be made to issue such an assertion?
* Will the Shib SP 2.0 do account linking?
* Will the Shib SP 2.0 do local attribute resolution?
* If the answer to the previous question is no, will the Shib SP 2.0
expose the raw SSO assertion?

Thanks,
Tom
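
The step 1 characteristics from the message above, written as a structural check an SP could run on a received SAML 2.0 assertion. This is an added example, not part of the original post and not Shibboleth code. The assurance-level URIs, the issuer and the sample assertion are constructed assumptions, and the check inspects structure only; it does not validate the signature or decrypt anything.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumed URIs for the two assurance levels; the post does not name them.
LOA_CLASSES = {"urn:example:loa:1", "urn:example:loa:2"}

# Constructed sample; signature and ciphertext contents are placeholders.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_a1" Version="2.0">
  <saml:Issuer>https://idp.example.org/shibboleth</saml:Issuer>
  <ds:Signature>PLACEHOLDER</ds:Signature>
  <saml:Subject><saml:EncryptedID>PLACEHOLDER</saml:EncryptedID></saml:Subject>
  <saml:AuthnStatement><saml:AuthnContext>
    <saml:AuthnContextClassRef>urn:example:loa:2</saml:AuthnContextClassRef>
  </saml:AuthnContext></saml:AuthnStatement>
  <saml:AttributeStatement>
    <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9">
      <saml:AttributeValue>member@example.org</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""

def profile_violations(xml_text):
    """Return the ways an assertion departs from step 1 of the use case."""
    # Production code should parse untrusted XML with a hardened parser.
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Assertion" % NS["saml"]:
        return ["top-level element is not a plain <Assertion>"]
    problems = []
    # The signature must sit directly on <Assertion>, not deeper in the tree.
    if root.find("ds:Signature", NS) is None:
        problems.append("no <ds:Signature> directly on <Assertion>")
    ref = root.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    if ref is None or (ref.text or "").strip() not in LOA_CLASSES:
        problems.append("<AuthnContext> carries no recognised assurance level")
    subject = root.find("saml:Subject", NS)
    if subject is None or subject.find("saml:EncryptedID", NS) is None:
        problems.append("identifier is not an <EncryptedID>")
    if subject is not None and subject.find("saml:NameID", NS) is not None:
        problems.append("identifier appears in the clear as <NameID>")
    if root.find("saml:AttributeStatement/saml:EncryptedAttribute", NS) is not None:
        problems.append("attributes are encrypted; the use case expects clear")
    return problems

if __name__ == "__main__":
    print(profile_violations(SAMPLE) or "assertion matches the step 1 profile")
```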


