Tim Chown wrote:
> Ideally there would be a single access control system for network access
> and general application resource access... the question I was trying to
> ask in Edinburgh is given LIN exists, how might we get more value from it,
> and at the same time how far can/should SHibboleth push down towards
> network access control. Maybe the two won't meet, but it seems sensible
> to explore the relationship and tradeoffs.
Another angle: Shibboleth offers a great model for authorisation but
stinks at authentication (ie. the WAYF). Conversely, RADIUS/802.1X is
great at authentication, but its authorisation capabilities are
typically quite clunky compared to Shibb.
It's possible that a convergence of 802.1X and Shibb could allow us to
extract the best from both approaches.
josh.
|