OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

security-use message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Subject: Shibboleth Use Case Supported?

In Shibboleth is *seems* that the request order is like the following:

1. A client tries to access a protected resource at a remote site
2. An associated auth-service asks the client to identify its "home" domain
3. The auth-service signs a message indicating what kind of authorization/authentication it wants and
through redirect that is sent back to the home domain
4. The home domain authority creates a suitable signed credential
for the client who trough another redirect hands over to the protected resource

In the S2ML draft I see no support for this and AuthXML lacks descriptions on this level
so I can't really tell.

Nevertheless, this is a *VERY* important scenario that should be a part of the use cases.

Bob, do you anticipate that Shibboleth docs will be available throuout the dev. process?
Will you notify us when there are updates?

Regarding descriptions of complex protocols such as above, I think that the method used by the SET designers
is much better than in any of the documents mentioned as a reference for this work.

Horizontal => Entities
Vertical => Time-line and protocol steps with lines between entities involved


[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [Elist Home]

Powered by eList eXpress LLC