Bugzilla – Bug 6504
Support for SAML V2.0 Metadata
Last modified: 2008-11-03 09:26:54
GridShib for GT v0.5.x supported SAML V2.0 Metadata (for the purposes of attribute query) but SAML V2.0 Metadata is not currently supported in GridShib for GT v0.6.x (which doesn't support attribute query). Toolkit-level support for SAML V2.0 Metadata currently exists in globus-opensaml-1.1.jar. Note that support for SAML V2.0 Metadata does not require support for SAML V2.0 overall.

Add support for SAML V2.0 Metadata to GridShib for GT, and use the Metadata to facilitate trust in attribute push. This precludes the use of 1) the trusted DNs metadata file (Bug 6427), and 2) the trusted scopes metadata file (Bug 6477), both of which are implemented as flat files.

With SAML V2.0, trusted DNs and trusted scopes are bound to XML:

http://docs.google.com/Doc?id=ddj3qnj2_228hdzcdmhb

As seen in the above example, a nice by-product of SAML V2.0 Metadata is the exposure of contact information required for the Science Gateway use case.
While refactoring the EntityMap interface (Bug 6501), it became clear that that interface is not able to accommodate SAML metadata. For one thing, SAML entities are mapped to roles in metadata, not to security bits such as DNs or certificates. The latter are role-specific.
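As an added illustration of the point made in the two comments above (this is not GridShib or globus-opensaml code), the Python below parses a constructed SAML V2.0 metadata document and shows that signing certificates and shibmd:Scope values hang off role descriptors (IDPSSODescriptor, AttributeAuthorityDescriptor), so a trust lookup has to be keyed by (entityID, role) rather than by entity alone. It also surfaces the ContactPerson entries and refuses metadata that is past its validUntil. The entityID, certificate bodies, scopes and contact details are all constructed placeholders. The code does not verify the XML Signature on the metadata; a deployment must do that before using the document as a trust source.

```python
"""Per-entity, per-role trust data from SAML V2.0 metadata.

Added example, not GridShib or globus-opensaml code. SAMPLE_METADATA is a
constructed document: the X509Certificate bodies are base64 placeholders,
not real certificates, and the entity, scopes and contact are made up.
NOTE: the ds:Signature on real metadata must be verified before any of
this is trusted; that step is deliberately out of scope here.
"""
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Role descriptors that carry their own KeyDescriptors and Scope extensions.
ROLE_ELEMENTS = ("IDPSSODescriptor", "AttributeAuthorityDescriptor", "SPSSODescriptor")

SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0"
    validUntil="2099-01-01T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.edu/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">example.edu</shibmd:Scope>
      </md:Extensions>
      <md:KeyDescriptor use="signing">
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>
            SSBBTSBBIFBMQUNFSE9MREVSLCBOT1QgQSBDRVJUSUZJQ0FURQ==
          </ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
    </md:IDPSSODescriptor>
    <md:AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
      <md:Extensions>
        <shibmd:Scope regexp="false">example.edu</shibmd:Scope>
        <shibmd:Scope regexp="true">^.+\\.example\\.edu$</shibmd:Scope>
      </md:Extensions>
      <md:KeyDescriptor>
        <ds:KeyInfo><ds:X509Data>
          <ds:X509Certificate>QUEtUExBQ0VIT0xERVItQ0VSVC1GT1ItVEVTVFM=</ds:X509Certificate>
        </ds:X509Data></ds:KeyInfo>
      </md:KeyDescriptor>
    </md:AttributeAuthorityDescriptor>
    <md:ContactPerson contactType="technical">
      <md:GivenName>Jane</md:GivenName>
      <md:EmailAddress>mailto:idp-admin@example.edu</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>
"""


def _parse_utc(stamp):
    """validUntil uses xs:dateTime in UTC, e.g. 2099-01-01T00:00:00Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_metadata(xml_text, now_iso=None):
    """Return {entityID: {"roles": {role: {...}}, "contacts": [...]}}.

    Raises ValueError if the document's validUntil has passed; stale
    metadata must not be used as a trust anchor source.
    """
    root = ET.fromstring(xml_text)
    valid_until = root.get("validUntil")
    if valid_until is not None:
        now = _parse_utc(now_iso) if now_iso else datetime.now(timezone.utc)
        if now > _parse_utc(valid_until):
            raise ValueError("metadata expired at %s" % valid_until)

    entities = {}
    for ed in root.iter("{%s}EntityDescriptor" % NS["md"]):
        roles = {}
        for role_name in ROLE_ELEMENTS:
            for role in ed.findall("md:%s" % role_name, NS):
                certs = []
                for kd in role.findall("md:KeyDescriptor", NS):
                    # A KeyDescriptor with no use= attribute is good for
                    # both signing and encryption; encryption-only keys
                    # must never be accepted as signature trust anchors.
                    if kd.get("use", "signing") == "encryption":
                        continue
                    for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
                        certs.append("".join((cert.text or "").split()))
                scopes = [((s.text or "").strip(), s.get("regexp", "false") == "true")
                          for s in role.findall("md:Extensions/shibmd:Scope", NS)]
                roles[role_name] = {"signing_certs": certs, "scopes": scopes}
        contacts = [(cp.get("contactType"),
                     cp.findtext("md:GivenName", default="", namespaces=NS),
                     cp.findtext("md:EmailAddress", default="", namespaces=NS))
                    for cp in ed.findall("md:ContactPerson", NS)]
        entities[ed.get("entityID")] = {"roles": roles, "contacts": contacts}
    return entities


def signing_certs(entities, entity_id, role):
    """Trust anchors are role-specific: key the lookup by (entity, role)."""
    return entities[entity_id]["roles"][role]["signing_certs"]


def scope_accepted(entities, entity_id, role, scope):
    """True if this role of the entity may assert attributes in `scope`.

    Scopes are DNS-like, so literals compare case-insensitively; regexp
    scopes are applied to the whole string (an assumption of this example).
    """
    for value, is_regexp in entities[entity_id]["roles"][role]["scopes"]:
        if is_regexp:
            if re.fullmatch(value, scope, re.IGNORECASE):
                return True
        elif value.lower() == scope.lower():
            return True
    return False
```

Note that the same entity yields a different certificate for its IdP role and its attribute-authority role, and a different set of acceptable scopes: a flat "trusted DNs" or "trusted scopes" file keyed only by entity cannot express that distinction, which is the reason the EntityMap interface from Bug 6501 does not fit.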