Message from discussion
ESOE specification
Date: Thu, 9 Apr 2009 08:20:47 +1000
Message-ID: <90ad28f40904081520ufba7db8r380d63b16822b...@mail.gmail.com>
Subject: Re: [esoe-users] ESOE specification
From: Shaun Mangelsdorf <s.mangelsd...@gmail.com>
To: esoe-users@googlegroups.com
Hi Filipa,
2009/4/8 Filipa <filipa.mo...@alert.pt>
> What I want to do is find a solution for SSO that uses SAML.. I have
> my application which will be the starting point..assuming it's a web
> browser application, in case I'm logged and I open a new tab for
> another application for other provider, can automatic SSO be made?
> And does it support federated identity?
Yes, to both of these.
> It seems your solution is a bit more complex than what I need because
> it already deals with authorization.. in my case I will have an
> authorization framework which is already developed and I just need to
> "talk" to it through SAML+XACML.. would this be possible?
Currently the ESOE software does not support XACML. On the assumption that
you already have a XACML PEP implementation, you could ignore the
authorization components of ESOE and use what you have.
> Technical specification:
> - is it compliant with Windows/Linux/HPUX/AIX servers?
The core of ESOE is Java, so it will run anywhere Java runs. The SPEP
software (ESOE's implementation of a SAML2 SP) has implementations available
for Java and Apache, and an IIS version which is in a pre-release state at
the moment.
The Apache code has been compiled and tested on FreeBSD 32/64 bit, Linux
32/64 bit, Windows 32 bit, Mac OSX [1], and I'm confident that it would
compile on all modern environments.
> - is it compliant with Windows/Linux/MacOs clients?
We've tested on every browser we have available and haven't found any
problems. (IE6/7/8, Firefox 2/3, Opera, Safari, Konqueror, Chrome, Lynx)
> - does it allow authentication methods like smartcard and biometrics?
There is a fully extensible authentication 'pipeline' so that you can add
any type of authentication you need to use.
> - does it support XACML?
Not natively, though it wouldn't be very difficult to add support.[2]
Regards,
Shaun
[1] Since MacPorts only supports 32-bit, SPEP can only be built 32-bit on
Mac OSX at the moment. This means you can't use the default system Apache.
See http://www.esoeproject.org/confluence/x/aYA3
[2] Writing an XACML implementation would be quite challenging and
time-consuming, but adding it into ESOE would be relatively easy.