Subject: Re: Shibboleth and credential negotiation
Marlena,

<snip>

> I too work on Shibboleth. Sorry to not have responded earlier.

Better late than never! I think Shibboleth is an exciting project. Wish I could join...

> We are still trying to figure out what we are going to do in
> Shibboleth.
> What is likely is that we will have "canned" sets of
> well-known attributes. And that we'll have a means
> of extensibility.

If applied to A2ML that would be in the form of a "Shibboleth partner" XML schema definition?

> We are arguing whether or not there is the possibility
> of a target site "asking" for what it wants. The two
> extreme cases are: (1) the target always asks for what it
> wants from an attribute authority; (2) the set of attributes
> to be sent is pre-configured (at the source) on a "per site"
> basis and no asking is needed or permitted.

I don't consider this as two extremes, I would rather characterize this as the *only* two possibilities, where (2) represents the current A2ML solution. If there really is a *third* option what would that look like?

A side-effect of (1) is that the target is authenticated before the source, which gives IMO a much better control over the situation ("genuine" target or not?) and is a pre-condition for any serious information disclosure user options.

<snip>

> I hope this helps.

It was very interesting to read, now I just wonder how this TC will treat this.

Anders