Re: [higgins-dev] SAML utility code

Here are some notes of what we talked about:

- Tom&Jim explained to Mike what they are doing with SAML. I didn't really understand it, only that it has something to do with SASL and LDAP, but not with cards. The point is that Tom&Jim only need to do very simple things with SAML (e.g. read the NameId from an assertion) and therefore have taken a similar approach as Markus (a few simple util classes).

- Mike explained to Markus a few more things about the STS. Markus should know enough now to try again using it in his saml2idp.saml2 project. The goal is to make all code in Markus' project go away that generates a SAML 2.0 response and assertion.

- Markus will still need his own code to parse the incoming SAML 2.0 authn request.

- Markus will move his SAML 2.0 utility classes to Tom's higgins.util.saml project so that everything is in one place. The higgins.saml2idp.saml2 project will go away.

- This should then also fix the build problems of saml2idp.server that have occurred over the last few days.

- Maybe Mike will make a simpler version of the TokenRequestFactory.createRequest() method without the certRelyingPartyChain and certStore parameters, since they are used for cards which not everyone dealing with SAML needs.

- The STS will use the approved commons-codec-1.3.jar now for Base64 encoding, and IBase64Extension will go away.

For more details see IRC archive http://graceland.parityinc.net/pub/higginsirc/log_2008-06-16.txt

Markus

On Mon, Jun 16, 2008 at 11:25 AM, Markus Sabadello <msabadello@xxxxxxxxxxxxx> wrote:
Heya

I'll be on IRC at 5pm ET today to talk about this, since most of you including Mike said OK here at http://www.doodle.ch/crt8ehe29te4wmt4. Sorry Greg there's no slot where everyone has time, and Mike is more important than you in this case :)

cu
Markus


On Thu, Jun 12, 2008 at 2:28 PM, Markus Sabadello <msabadello@xxxxxxxxxxxxx> wrote:

http://www.doodle.ch/crt8ehe29te4wmt4

Agenda:
1) Markus has tried to use the STS in saml2idp.server and has STS questions for Mike
2) In the meanwhile, Tom&Jim have used Markus' saml2idp.saml2 code, which was meant to go away after 1) is complete
3) Other STS & SAML2 IdP convergence issues

Markus


On Thu, Jun 12, 2008 at 1:25 AM, Tom Doman <tdoman@xxxxxxxxxx> wrote:
Yeah, sure, that sounds good.  I know you mentioned that and that Mike
talked about making some of the STS code be utility code but I also need
something for the interim and Jim suggested I get the ball rolling.

But, yes, we should all talk because I don't know what Mike is thinking
with regard to use of axiom or maintaining the org.w3c.dom approach
you did.  I'd like to preserve an org.w3c.dom approach at the utility level.

Is Mike away until next week?

Tom

>>> "Markus Sabadello" <msabadello@xxxxxxxxxxxxx> 06/11/08 4:51 PM >>>
As I mentioned in my other mail, I have been trying to use STS code in my
SAML2 IdP instead of the utility classes you are referring to.

Since this is all related, maybe the three of us (and anyone else who is
interested) could do an IRC session or telecon some time next week?

Markus

On Thu, Jun 12, 2008 at 12:45 AM, Tom Doman <tdoman@xxxxxxxxxx> wrote:

> In order to get the ball rolling and get the SAML code I need, I'm going to
> create an org.eclipse.higgins.util.saml package and, for the time being,
> move a little of the SAML2 IDP code into it and write a little of my own.  I
> need SAML 1.0 document support so I want to use XMLElement from
> saml2idp.saml2 and I figured that if Mike is going to create more
> generalized SAML utility code, mine can go away but the package can remain.
> At any rate, I am anxious to see utility APIs like what Markus did but that
> support both SAML 1 & 2.
>
> Tom
>
>
> _______________________________________________
> higgins-dev mailing list
> higgins-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/higgins-dev
>

