Attending: Russ Allbery, Scotty Logan, Bruce Vincent, Quanah Gibson-Mount, Digant Kasundra, Jon Pilat

New Action Items:

2/10.1 Scotty: Send java code to mhart@stanford.edu for review
2/10.2 Q: Talk to Lynn about shib attribute mappings and ARPs
2/10.3 Jon: Find reviewer for stored procedure code
2/10.4 Bruce: Determine admin contact for InCommon membership
2/10.5 Bruce: Complete InCommon federation application
2/10.6 Xueshan/Scotty: Migrate YahooMusic off of shib1 and onto tools.
2/10.7 Digant: Talk to Sandy/Steven about getting involved with the library-side shib pilot as a client support sysadmin.

Open Action Items:

1/27.9 Q: package IDP software (after mod_shib work) (debs)
1/27.10 Q: package mod_shib--deb, then stow/rpm
1/27.12 Scotty: submit reviewed patches back to shib project.
1/27.13 Russ: change lb-name to point to shib2 for now.
1/27.14 Q: update build template (/afs/ir/service/auth/shib/) for shib machines. Most of what is there currently isn't needed.
2/6.1 Bruce: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. These would be proposed as changes to Admin Guide 64 (3/1)
2/6.2 Bruce: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations. (early March)
2/6.3 Eric: Replace "authentication service" with "authentication services" in the sentence: "However, system owners are strongly encouraged to rely on the authentication services provided by Stanford's central computing organization rather than using system-specific authentication methods" in AG 64.1, 2nd paragraph.

Notes:

System Configuration for IDP: We're going to use local MySQL 5 until the central MySQL service is upgraded to v5. We'll use Tomcat4 and Java 1.4.2 until the next Debian stable is released (especially given ongoing problems with Kerberos and Java 1.5).

Bruce is proceeding with purchasing InCommon membership as soon as possible. Jon will provide PTA as needed.

Moving Yahoo Music signup off of Shib1 as soon as possible is a priority, as that's the machine that Q will use to work on packaging the shib software.

Quanah, with Russ as support, will package mod_shib and any non-Debian dependencies, which Russ will then upload into Debian proper, with either him or Quanah as maintainer.

IDP packaging work will happen in parallel with the initial systems work for Library shib users. Initially, we'll use a hand-installed (non-packaged) IDP similar to what's on Shib2 now.

Shib2 is up and has a functional IDP on it.