-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 08/01/2011 01:28 PM, Josh Howlett wrote:
> Hi Hauke,
>
>> Is it correct that it should be possible to use a normal web IdP to
>> authenticate any user in the end?
>
> A SAML IdP by definition only supports authentication using the HTTP or
> SOAP bindings of the Authentication Request Protocol; neither of these are
> part of the Moonshot architecture, and so I'm not sure what you mean here.
I think the question is: how much extra stuff do I have to deploy and
maintain ;-)
Personally (as an operator of stuff like this) I would be find running
multiple authentication frontends to the same backend but I would not
deploy something that required me to maintain multiple versions of the
same attribute filtering and release.
I believe Roland is working on such an interface for Moonshot but I
haven't really seen a discussion about what the SAML side of that
interface looks like.
Cheers Leif
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk42j+YACgkQ8Jx8FtbMZnc09gCcDiPf6HpeQ44+Sq8hzwv9CmfV
GMUAoJhd++jEvm1Td6O2zC8XsBFGebHF
=lqjx
-----END PGP SIGNATURE-----
|