>>>>> "Scott" == Scott Cantor <[log in to unmask]> writes:
>> I was assuming that you'd want Shibboleth to share the same
>> configuration when called from gss for a given application as
>> when called from non-gss for a given application. That may be an
>> invalid assumption.
Scott> No, that's what I meant...that configuration isn't GSS-based
Scott> or GSS-aware, so deep diving on GSS options to influence the
Scott> processing that Shibboleth code would do on the SAML doesn't
Scott> seem fruitful.
Scott> You had mentioned queries, for example, and not wanting to
Scott> assume them for performance reasons. But queries would be a
Scott> function of the attribute resolver configuration within
Scott> Shibboleth, not a presumption of processing a SAML
Scott> assertion. If you don't want them, you don't configure them,
Scott> but you'd do it there.
Ah. So I was assuming an application that would grab the assertion out
of GSS, turn around and hand it back to shibboleth. I don't want the
query to happen when gss gets the assertion but I want it to happen
later. If the Shibboleth configuration is shared, I think I want some
mechanism for the application to tell GSS that it will be using
shibboleth directly and thus that should be deferred.
|