shibboleth-dev - Re: [Shib-Dev] uApprove + IdP 3.x
Subject: Shibboleth Developers
List archive
- From: Kristof BAJNOK <>
- To:
- Subject: Re: [Shib-Dev] uApprove + IdP 3.x
- Date: Fri, 19 Mar 2010 13:13:55 +0100
- Organization: NIIF Institute
On Friday 19 March 2010 12.16.40 Chad La Joie wrote:
> At this time, the consent engine is a strictly front-channel thing.
Yes, I'm aware of that, that's why I'm asking about the future plans. ;)
Seriously, I can imagine some filtering rule that could check the uApprove
database and throw an exception if user consent is needed. The uApprove
could then process this, display the consent screen (or fail on back-
channel) and redo the whole attribute resolution and filtering on success.
Of course, this would be an architectural change in at least uApprove (and
probably in the filtering part), but I think, it would be far less hackish
than the current one. When you speak about integration, this is what I think
it should mean.
Why I'm coming up with this is because our federation is undergoing a wide
privacy analysis. If I can't promise that the back-channel privacy thing
will be handled at some time, I'd be forced to remove the AA endpoints from
the metadata. Therefore progressing towards persistent nameids would be
pointless.
Kristof
- uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Peter Schober, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- RE: [Shib-Dev] uApprove + IdP 3.x, Scott Cantor, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/21/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Kristof BAJNOK, 03/19/2010
- Re: [Shib-Dev] uApprove + IdP 3.x, Chad La Joie, 03/19/2010
Archive powered by MHonArc 2.6.16.