shibboleth-dev - RE: [Shib-Dev] Spring supports OAuth
Subject: Shibboleth Developers
List archive
- From: Peter Williams <>
- To: "" <>
- Subject: RE: [Shib-Dev] Spring supports OAuth
- Date: Thu, 12 Feb 2009 08:47:48 -0800
- Accept-language: en-US
- Acceptlanguage: en-US
Another motivating argument is that deployment-focussed folks simply want to
talk to and mashup with the many oauth sites (who show little sign of
adopting saml/shib or more formal sts architectures).
I di have an excellent and very satisfying interaction with a new saml sp
partner last week that used the spring security framework for saml2
interworking (both sso and slo). Im guessing they invested less that 20h
adding saml2 to the commercial website. Quite what spring provides in terms
of session security model (over and above serialization and signing/pki) I
dont know (and as the peer-peer idp I don't really care). But they are quite
delighted with saml2. Ill try to chat to them about what opportunity oauth
might offer them, in a combo protocol world.
-----Original Message-----
From: Scott Cantor
<>
Sent: Thursday, February 12, 2009 8:26 AM
To:
<>
Subject: RE: [Shib-Dev] Spring supports OAuth
Wu, Albert wrote on 2009-02-12:
> Not that I necessarily think this is the right thing to do, but if one
> considers "attributes" in Shib terms as "protected resource" in OAuth
terms, and
> Shib IDP as OAuth "Service Providers", the 2 spaces begin to overlap.
> Would it be conceivable that there eventually be a use case for
interoperability?
OAuth as a security mechanism to authenticate to the IdP for queries? I
can't see that being of much use with any current use cases, but if you were
using the IdP as something like a "personal profile service" in the Liberty
sense, I suppose it might be plausible.
I think in general that the user consent model during SSO to approve release
is simpler than something with OAuth that bounces you back to the IdP would
be. But if you start looking at aggregation use cases, then it might come
up.
-- Scott
- RE: [Shib-Dev] Spring supports OAuth, Peter Williams, 02/12/2009
- RE: [Shib-Dev] Spring supports OAuth, Scott Cantor, 02/12/2009
- RE: [Shib-Dev] Spring supports OAuth, RL 'Bob' Morgan, 02/12/2009
- <Possible follow-up(s)>
- RE: [Shib-Dev] Spring supports OAuth, Peter Williams, 02/12/2009
Archive powered by MHonArc 2.6.16.