
wg-pic - Re: [wg-pic] SAML use cases

Subject: Presence and IntComm WG


Re: [wg-pic] SAML use cases


  • From: Peter Saint-Andre <>
  • To:
  • Subject: Re: [wg-pic] SAML use cases
  • Date: Wed, 28 Oct 2009 14:36:46 -0600
  • Openpgp: url=http://www.saint-andre.com/me/stpeter.asc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/28/09 2:31 PM, Tom Scavo wrote:
> On Wed, Oct 28, 2009 at 4:19 PM, Peter Saint-Andre wrote:
>> On 10/28/09 2:01 PM, Tom Scavo wrote:
>>
>>> Now
>>> protect this client with a Shibboleth Service Provider (or any
>>> implementation of a SAML Service Provider) and map the supplied group
>>> membership attribute(s) to the corresponding chat room(s).
>> But doesn't this constrict us to the use of a web client?
>
> Yes, but that's what SAML was designed for, so this is the easiest
> problem to solve. Surely someone must have already done this.

I might misunderstand what you mean by "protect this client with a
Shibboleth Service Provider". I assumed you meant "require HTTP
authentication or some other security mechanism to access the web
client" but perhaps you mean something more sophisticated.

>>> The latter seems fairly straightforward compared to the former, so
>>> this is where I think I need to start. Why is it thought that the
>>> former is the problem we want to solve?
>> Because there is a huge installed base of XMPP-capable clients on just
>> about every computing platform known to man. It would be great if they
>> could Just Work [tm]...
>
> And how do these clients authenticate themselves today?

A client authenticates to its local server using its most preferred SASL
mechanism from among the mechanisms offered by the local server. Once it
is on the network, right now it can access any resource that is not
protected using primitive mechanisms like members-only chatrooms (where
the list of members is manually configured by a room admin). We'd like
to move beyond primitive mechanisms to things like role-based authorization.

Peter

- --
Peter Saint-Andre
https://stpeter.im/


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAkroq14ACgkQNL8k5A2w/vzQwACfYywVe/fF2LQ51ve7DSwtW8jd
GeMAn0u/BbBFfLMr5OwDYJfPmJ91wIeJ
=ykn0
-----END PGP SIGNATURE-----


