Shibboleth Architecture Draft

[Marlena Erdos <marlena@us.ibm.com>]

Dear SAMLers,

   For those of you who are curious about Shibboleth,
the initial draft version of the Shibboleth Architecture
is now on the Internet2 web site.   See the note below
for the URL and some notes about the state of the document.

  Shibboleth has much in common with SAML.  For example
we are hoping/expecting to use SAML queries and assertions.
Shibboleth though is both narrower and broader than SAML:
Our use cases are far more limited, but we go outside
some the "edges" of SAML to include the notions of
"attribute release policies" at the AA (a privacy issue)
and "attribute acceptance policies" at the relying party.

  Comments would be most welcome.

Regards,
Marlena
IBM/Tivoli

PS There is also a specification document (also a draft) on
the website.  And there are lots of other documents -- but
many are out of date and don't reflect the current architecture.
(A website cleanup is supposed to occur sometime "soon".)

PPS The website only has HTML for the arch doc.  If you
want a Word document (which is the source for the html),
let me know.


---------------------- Forwarded by Marlena Erdos/Austin/Contr/IBM on
06/11/2001 11:48 AM ---------------------------

Marlena Erdos
06/08/2001 04:58 PM

To:   Shibboleth Project <mace-shibboleth@internet2.edu>
cc:
From: Marlena Erdos/Austin/Contr/IBM@IBMUS
Subject:  Shibboleth Architecture Draft


Dear Shibbers,

The initial draft version of the Shibboleth Architecture is now
on the web site. The URL is:

http://middleware.internet2.edu/shibboleth/docs/draft-erdos-shibboleth-architecture-00.html

The architecture doc describes the concepts and model of Shibboleth.
It also describes but doesn't specify Shibboleth exchange messages and
the behavior or Shibboleth components.  There are two intended
audiences: The first consists of technically-minded readers who want
to get a "sense" of Shibboleth, and the second consists of those who
want to understand Shibboleth in detail -- perhaps a prelude to their
own implementation of one or more Shibboleth components

This document is a first draft   Unfortunately, I got very little
feedback  from the initial reviewers -- presumably due to
their time constraints.   And I added in a new section very recently
(and revamped others) to account for a recent change in the design
and this has not been reviewed at all.
   The upshot is that while I think the architecture doc generally
well-represents the architecture we've discussed, debated, haggled
over, there are undoubtably mistakes.

I will collect corrections and re-issue the document. There are also
some sections that need "filling in" (not too many) and I expect
to add a new section on "Attribute Acceptance Policies".
("Attribute Acceptance Policies" is a new topic some of us have
been discussing (albeit off-list).)

Finally, you'll note some "XXX" markings.  These notations are
bookmarks of sorts, and they mean "Fix this!"   You can ignore
them (or suggest text that will allow me to remove the dreaded XXXs :-)).

Please send your corrections and comments (and compliments) to either
me or the list.   I am aiming for clarity so if something is correct but
not clear,  I want to hear about it too.

Regards,
Marlena