From: wassa
Date: Thu, 19 Jun 2003 19:31:30 +0000 (+0000)
Subject: More documentation fixes from Steven.
X-Git-Tag: 2.4~2320
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=shibboleth%2Fsp.git;a=commitdiff_plain;h=107d3b714cbd1b2ae9d760d0f2528e8e91507d58
More documentation fixes from Steven.
git-svn-id: https://svn.middleware.georgetown.edu/cpp-sp/trunk@531 cb58f699-b61c-0410-a6fe-9272a202ed29
---
diff --git a/doc/DEPLOY-GUIDE-ORIGIN.html b/doc/DEPLOY-GUIDE-ORIGIN.html
index 6f937ad..ee8a040 100644
--- a/doc/DEPLOY-GUIDE-ORIGIN.html
+++ b/doc/DEPLOY-GUIDE-ORIGIN.html
@@ -173,58 +173,89 @@ font-color: #121212;
implementation of the architectural document, functional
enhancements, and user interface improvements.
- Functionality which has been added since the previous
- version (v0.8) includes:
-
-
- -
-
Various improvements to error handling. Origin sites are now
- able to supply a URL to a federation for users to be referred to
- when Shibboleth encounters a problem. Targets will be able to
- utilize this URL in error templates.
-
-
- -
-
The SHAR may now store its session and attribute cache in a
- back-end database in addition to the previously available
- in-memory option. The method by which sites.xml is refreshed has been
- modified to improve robustness.
-
-
- -
-
Attribute acceptance policies have been greatly enhanced,
- with filtering of attribute values by sites supported.
-
-
- -
-
OpenSAML now populates AuthType element in the SAML Subject
- element using a value specified by origin sites using a
- configuration directive. This value describes the type of
- authentication mechanism used at the origin site(e.g. Kerberos,
- PKI, etc.). This value is made available on the target side as
- another variable that may be used in authorization
- decisions.
-
-
- -
-
Origin sites whose HS certificate is not signed by one of a
- federation's trusted roots are able to provide that federation
- with the certificate; this cert can now be stored in the sites
- metadata, and targets will be able to use this certificate to
- validate the HS' signature.
-
-
- -
-
The AA implementation has been improved with a powerful
- attribute resolver. This should greatly simplify the process of
- configuring the AA to support additional general attributes,
- while Java classes may still be written for more complex
- evaluations.
-
-
-
+ Major New Features - 1.0
+ This new release contains many improvements and enhancements, including:
+
+ Federation Support
+
+ -
+ Federation and trust support has been substantially extended. Federation
+ structures are now defined. The set of metadata collected and managed
+ by each Federation is more fully defined. The configuration values
+ assigned by a Federation are now identified.
+
+ -
+ There is some support for targets to be members of multiple federations;
+ this support will continue to evolve. When a browser user arrives,
+ a target will determine which federation their origin belongs to,
+ and then use the trust fabric associated with that Federation.
+
+ -
+ Better support for flexible and bilateral trust agreements. A key
+ specific to an origin site can be used to vallidate its signature.
+
+
+
+ -
+ This version contains a significantly more mature security implementation,
+ and should meet the security requirements of typical sites.
+
+
+
+ Origin
+
+
+ - The Attribute Authority has a powerful new attribute resolver.
+ Simple scenarios (using a string attribute stored in ldap) can be
+ accomplished by merely editing a configuration file. Java classes
+ may still be written for more complex evaluations (eg retrieving information
+ from multiple disparate repositories, and computing the SAML attribute
+ using business rules). This should greatly simplify the process of
+ configuring the AA to support additional general attributes.
+
+
+
+ Target
+
+ - Significantly more flexibility in configuring targets to ensure
+ robustness. Failover and redundant configurations are now supported.
+
+
+ - The SHAR may now optionally store its session and attribute
+ cache in a back-end database in addition to the previously available
+ in-memory option. This would allow a site to run an apache server
+ farm, with multiple SHARs, supporting the same set of sessions.
+
+ - Federation supplied files (sites.xml and trust.xml) are now
+ refreshed in a much more robust manner.
+
+
+
+
+ - Attribute acceptance policies have been greatly enhanced, and now
+ supports filtering of attribute values by sites.
+
+ - The SHAR can be configured to request specific attributes from the
+ Origin.
+
+
+ Miscellaneous
+
+ - Origin sites can configure a value to describe the type of authentication
+ mechanism used at the origin site(e.g. password, Kerberos, PKI, etc.).
+ This value is made available on the target side as Shib-Authentication-Method.
+
+
+ - Various improvements to error handling. Origin sites are now able
+ to supply an "error URL" and contact information to a federation.
+ When a target encounters an error, it can include this information
+ in the error page.
+
+
+ - Local time string values are now used in log files.
+
+ - Internationalization support has been extended.
+
Before starting, please sign up for all applicable
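Review bot: In the Federation Support list, the bilateral trust item misspells "validate" as "vallidate", and it drops what the removed text explained: that an HS certificate not signed by one of a federation's trusted roots can be stored in the sites metadata so targets can validate the HS signature. Suggest fixing the spelling and keeping a clause on where the origin-specific key is published, since that is what a deployer needs to know to rely on it. In the same hunk, "policies have been greatly enhanced, and now supports" should read "support", "origin site(e.g." needs a space before the parenthesis, and "ldap" should be "LDAP". The sentence that the release "should meet the security requirements of typical sites" is not supported by anything listed here; naming the specific security changes would be more useful than the general assurance.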
@@ -372,6 +403,7 @@ font-color: #121212;
certificate/key pairs between Apache and Java
keystores (optional)
The Attribute Resolver
+ Local Error Page
@@ -2407,6 +2439,20 @@ font-color: #121212;
There are additional examples of resolver.xml files provided in the Shibboleth CVS.
+
+ 5.d. Local Error Page
+
+ Origin sites are encouraged to provide federations with the
+ URL of a local Shibboleth error page. If a browser user from the
+ origin site encounters a problem at a shibbolized target, the target
+ is likely to display an error page that includes a link back to this
+ origin provided page.
+
+ The page should provide information on how to obtain local support
+ for using Shibbolized resources. It might also include suggestions on
+ what information should be recorded before beginning the problem
+ resolution process.
+
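Review bot: The new section 5.d mentions only a URL, while the release notes earlier in this patch say origin sites can supply an "error URL" and contact information to a federation; the section should either cover the contact information too or say where it is documented. It also does not say how the URL is submitted to the federation. Minor wording: "shibbolized target" and "Shibbolized resources" use different capitalization, and "origin provided page" should be hyphenated as "origin-provided page".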
diff --git a/doc/DEPLOY-GUIDE-TARGET.html b/doc/DEPLOY-GUIDE-TARGET.html
index 37628c3..5fb3990 100644
--- a/doc/DEPLOY-GUIDE-TARGET.html
+++ b/doc/DEPLOY-GUIDE-TARGET.html
@@ -2,7 +2,10 @@
- Shibboleth Target Deployment Guide
+
+
+ Shibboleth Origin Deployment Guide
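Review bot: The added title line in doc/DEPLOY-GUIDE-TARGET.html reads "Shibboleth Origin Deployment Guide", replacing "Shibboleth Target Deployment Guide". This file is the target guide, so the new title looks like a copy from the origin guide and should stay "Shibboleth Target Deployment Guide".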