
saml-dev message


Subject: Re: [saml-dev] SAML2.0 implementations

Cool! :-)  Alistair, can you give more info re Guanxi and/or SAMUEL?
(Similar to what Eve did for the others.)


On 12/2/06, Alistair Young <alistair@smo.uhi.ac.uk> wrote:
> Hi folks,
> I thought I'd just chip in my small tuppence worth on SAML toolkits. Seems
> I missed the list switch and all the interesting discussions.
> The toolkit that comes with Guanxi, SAMUEL (SAML Used in eLearning) is a
> partial SAML1.1 implementation with a planned complete upgrade to SAML2.0,
> full coverage, hopefully in the next 6 months.
> I too had a lot of trouble in the early days, with SAML, profiles and
> Shibboleth etc. When talking about this to non-technical conferences, I
> like to think of it all as the "bucket brigade". You have an urgent fire
> to put out. The flames of SSO! SAML provides the "buckets" into which
> information on how to extinguish the fire is placed by the fire master.
> In the case of Shibboleth, the fire master is your IdP. The SP needs that
> info to put out the fire. However, the buckets themselves are useless.
> They just sit there doing nothing. That's where the profiles come in. They
> specify how to move the buckets around.
> e.g. the Shibboleth SAML1.1 profile says:
> "take that bucket marked AuthenticationStatement, scrawl something on it
> that I will recognise it came from you, then bung it over there next to
> the Response bucket and ..."
> But Shibboleth is also an implementation? Yes, it's the reference
> implementation of the Shibboleth SAML profile. Guanxi is another
> implementation of that Shibboleth profile.
> Shibboleth uses openSAML to control the buckets. Guanxi uses SAMUEL.
> So there are two levels, the raw SAML "bucket" level. A soup of SAML
> tokens. And a higher level, where the profiles live, that stir up that low
> level soup.
> So I think it's a good idea to keep the profiles separate from the SAML
> tokens themselves. That way you can create all sorts of weird and
> wonderful profiles, using the same SAML toolkit.
> Alistair
> --
> mov eax,1
> mov ebx,0
> int 80h
