Shibboleth Developers

[Paul Hethmon <>]

On 12/7/09 1:30 PM, "Scott Cantor" 
<>
 wrote:

> So, given that, isn't it fair to say that an implementation of SLO cannot
> rely on frames? I believe the demo at the Hungarian site uses them. And it
> works because there's a common domain.

Sounds likely to me. Its on my list to take a close look at that code soon.
I don't think there is anyway to reliably do anything with frames.

> 
> Was chatting with Chad about the SWITCH WAYF, and I imagine that for some
> reason not clear to me, Javascript fetched from a third party inside a page
> operates on different restrictions than a frame src does. That makes little
> sense to me, frankly, but I guess that would be the solution.

Sounds like an oversight, looking at the page domain for the security
restrictions instead of the js source site.


-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----

God does not play dice with the universe; He plays an ineffable game of his
own devising, which might be compared, from the perspective of any of the
other players, to being involved in an obscure and complex version of poker
in a pitch dark room, with blank cards, for infinite stakes, with a dealer
who won't tell you the rules, and who smiles all the time.

 -- Terry Pratchett, Good Omens