Mike Kenyon wrote:
> Hello All,
>
> I wonder if any of you have experience of using Shibboleth and, in
> particular, the ShibVomGSite extensions (Shibboleth, VOMS and GridSite
> Integration).
Shibboleth yes - was previously used in prototype projects with portals
to access NGS (eg ShibGrid, a project which did not have the letters
"NGS" in its name); now being deployed in earnest in the SARoNGS project
which is also looking at VOMS integration via the CTS component from the
Manchester SHEBANGS project. More details? Let me know.
ShibVomGSite, no. But John (Watt) asked over on UKFED, so let's see if
he gets any responses.
>
> I'm investigating the feasibility of providing ShibVomGSite access to
> users who wish to edit our web presence at http://www.scotgrid.ac.uk .
> I've been advised that such an access model would require a coordinated
> effort between all sites in the UK federation. As I'm unsure whether
> such a cooperative exists, I though I'd contact this list to find out.
Why is the IdP hooked up to a MyIdentity service? Any IdP in the Fed
should be hooked up to the site id management infrastructure.
http://www.hep.man.ac.uk/u/dada/shibvomgsite/
Perhaps I misunderstood something.
Which subsidiary attrs are needed? If it needs DNs (as in
eduPersonOrgDN) then you're practically out of luck with the Fed., see
http://www.ukfederation.org.uk/library/uploads/Documents/technical-recommendations-for-participants.pdf
It _would_ need a concerted effort although not necessarily from all
members (with IdPs, many members don't have IdPs). But it sort of goes
against the spirit of the UK Federation unless you mangle them up a la
ePTID.
Incidentally, there are people within SARoNGS who also want to concert
efforts against the Federation but they are aiming at a different target
(passing attrs along).
Cheers
--jens
|