shibboleth-dev - RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap
Subject: Shibboleth Developers
List archive
- From: Peter Williams <>
- To: "" <>
- Subject: RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap
- Date: Wed, 24 Sep 2008 12:21:06 -0700
- Accept-language: en-US
- Acceptlanguage: en-US
why not go the whole hog, and have an openldap server front the
assertion/attribute store, using its data store plugin to talk to the
existing URL api?
This gets passed the whole silly web interface limits (why is interent2
willing to tolerate that stuff?), and formalizes the interface between app
and local store with a standard interface.
A variant of this is what folks did in the 1990-era PKI-aplications with
certs, and trust, and multirooted cert chains. They stored the persistent
cache of certs, and crls, keys, control structures, and trust points in a
MIB. UA and MTA apps interfaced to the cache using SNMP (or a co-resident
SNMP API). The nature of the MIB allows for many instances, different
schemas, and: "claim mapping". This idea of using the S-MIB as a local
truststore still has relics around, in the higher assurance HSM appliances
one buys. You have to talk to it over SNMPv3, with its own security services
applied, when the server supports a frontend cluster,of course.
________________________________________
From:
[]
Sent: Wednesday, September 24, 2008 11:34 AM
To:
Subject: RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap
I read through it, and everything there looked good to me.
One additional thing I thought might be nice would be an extension of the
assertion exporting mechanism in the Shibboleth SP. The current method for
exporting the entire SAML Assertion is nice and has been an excellent method
for getting around the 8K barrier that crops all over the place (AJP,
mod_proxy, IIS, etc.). We have used that extensively in our federation,
since we transmit very large SAML Assertions (well over 8K, and frequently
over 20K). The feature that I thought might be nice would be an additional
feature called attribute exporting, where each attribute is exported as a URL
for querying instead of as a value (this could either be done in bulk or on
an individual attribute basis). This way if a single attribute could be
larger than 8K there would be a means to get it without either parsing the
full SAML Assertion or relying on the environment to be able to handle larger
than 8K.
The additional authentication support on the IdP portion of the Roadmap looks
very promising, and I am excited to see how that progresses.
-----Original Message-----
From:
[mailto:]
Sent: Tuesday, September 23, 2008 11:11 AM
To:
;
Subject: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap
The Shibboleth team has made available its current thinking about the
next point release of the Shibboleth software. This information is
available at:
https://spaces.internet2.edu/display/SHIB2/Shibboleth+2.2+Roadmap
The team is seeking comments and feedback. The first section of the
document identifies specific functionality, and the priorities
currently assigned by the team. The second section describes several
areas where we are seeking community input before possibly beginning
any implementation effort. Note that there are two sub-pages
providing additional detail: one on Consent Release of Attributes,
and one on Information Card Support.
Please send your comments to the shibboleth-dev AT internet2.edu
mailing list. Directions for subscribing to this list are available
at http://shibboleth.internet2.edu/lists.html .
The Shibboleth team would like to thank the community for its
contributions, comments, and feedback over the years. Please let us
know what you think of our current plans.
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, (continued)
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Peter Williams, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Peter Williams, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Peter Williams, 09/25/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/25/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Peter Williams, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Peter Williams, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- Message not available
- Re: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Eric Norman, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Peter Williams, 09/24/2008
- RE: [Shib-Dev] seeking feedback on Shibboleth 2.2 Roadmap, Scott Cantor, 09/24/2008
Archive powered by MHonArc 2.6.16.