Attending: Russ Allbery, Scotty Logan, Bruce Vincent, Quanah Gibson-Mount, Digant Kasundra, Jon Pilat

New Action Items:

2/27.1 Jon: Get Bruce shib pta (done)
2/27.2 Scotty: Determine whether shib RPMs are Fedora or RHEL (done)
2/27.3 Russ: Do lbcd switchover for shib2
2/27.4 Bruce: Set up mtg w/Steve Jung & Eric once we have 2/6.2 writeup
2/27.5 Scotty: Send shib code to mnguyen@stanford.edu
2/27.6 Bruce: subscribe to guide-update@lists

Open Action Items:

1/27.9 Q: package IDP software (after mod_shib work) (debs)
1/27.10 Q: package mod_shib--deb, then stow/rpm
1/27.12 Scotty: submit reviewed patches back to shib project.
1/27.14 Q: update build template (/afs/ir/service/auth/shib/) for shib machines. Most of what is there currently isn't needed.
2/6.1 Bruce: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. These would be proposed as changes to Admin Guide 64 (3/6)
2/6.2 Bruce: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations. (3/20)
2/6.3 Eric: Replace "authentication service" with "authentication services" in the sentence: "However, system owners are strongly encouraged to rely on the authentication services provided by Stanford's central computing organization rather than using system-specific authentication methods" in AG 64.1, 2nd paragraph.
2/10.2 Q: Talk to Lynn about shib attribute mappings and ARPs
2/10.5 Bruce: Complete InCommon federation application (3/3)
2/10.6 Xueshan/Scotty: Migrate YahooMusic off of shib1 and onto tools.

Notes:

www.stanford.edu (and possibly cgi.stanford.edu) as an early shib SP. We have some work to do to make sure that there is no interference with WebAuth, but this could be a good shib playground. We don't think there is an attribute release issue--we'll set up the ARP for shib to be the same as the ARP for WebAuth, which has been approved.

Bill Clebsch volunteered to be the "responsible party" for the InCommon application. He's going to run that by Randy, but we're assuming no problem. InCommon doesn't require an IDP address with the application--we can supply that as the production IDP comes up.

Quanah expects to start on Shib packaging the week of 2/27.

Digant has signoff from Steven to work with libraries as a client-side sysadmin for the Shib project. He's waiting to hear back from Sandy (and figure out what systems we're talking about here).

Moving Yahoo Music signup off of Shib1 as soon as possible is a priority, as that's the machine that Q will use to work on packaging the shib software.

Quanah, with Russ as support, will package mod_shib and any non-Debian dependencies, which Russ will then upload into Debian proper, with either him or Quanah as maintainer.

IDP packaging work will happen in parallel with the initial systems work for Library shib users. Initially, we'll use a hand-installed (non-packaged) IDP similar to what's on Shib2 now.