I unfortunately don't know much yet about Rampart, but apparently it already incorporates OpenSAML (see the second question/response here: http://wso2.org/library/695). Since you are interested in security, I would guess you should be using Rampart immediately anyway, because you would want to encrypt the username/password, etc., correct?

Glen

On Friday, 15.06.2007, at 16:36 -0400, [EMAIL PROTECTED] wrote:
> Hi,
>
> I'm working on a single-sign-on service for our organization's intranet. The
> idea is that an application can send a username, password and application
> identifier to the service, and the service responds with a list of
> permissions that the user has for the particular application.
>
> Just to get started, I created a service that returns a string from which I
> can parse out what I need. But I'm wondering if I could gain anything (such
> as greater interoperability) by using a standard such as SAML to represent a
> user and his/her permissions.
>
> I see that there is a framework for working with SAML:
> http://www.opensaml.org/
>
> Does this sound reasonable or am I heading in the wrong direction? Will I end
> up with a schema nightmare if I return a SAML XML document as a service
> payload? BTW, I plan on writing the client and server by hand, because later
> I will probably want to add Rampart and have more control over headers and
> stuff.
>
> Thanks
> Michael Davis
