Shibboleth Team Meeting Notes: 4.10.2006

Attending: Bruce Vincent, Quanah Gibson-Mount, Digant Kasundra, Russ Allbery, Jon Pilat

New Action Items:

4/10.1 Q: repackage mod_shib with shibd and other support files (4/12)
4/10.2 Bruce: Delegate OID Range for URNs for SPs.
4/10.3 Jon: Bug Minh about code review for shib patches.
4/10.4 Bruce: Send draft of 2/6.1 to shibboleth-team
4/10.5 Jon: Schedule time with Bruce to work on 2/6.2
4/10.6 Jon: Ask Eric about deadlines for position papers to get the admin guide update process going.
4/10.7 Jon: Talk to Account Managers about InCommon shib rates (non-WWW applications)
4/10.8 Q: Send draft ARP.
4/10.9 Jon: Get approvals for ARP from ISO, Bruce, AS (Minh?)
4/10.10 Jon: Incorporate ARP onto the project website
4/10.11 Scotty: Get IdP WAR file to Quanah
4/10.12 Digant: Package SP for RHEL
4/10.13 Q: Create Solaris stow packages for SP software.

Open Action Items:

1/27.9 Q: package IDP software (after mod_shib work) (debs)
1/27.12 Scotty: submit reviewed patches back to shib project. (waiting on review from Minh)
1/27.14 Q: update build template (/afs/ir/service/auth/shib/) for shib machines. most of what is there currently isn't needed
2/6.1 Bruce: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. These would be proposed as changes to Admin Guide 64 (3/31)
2/6.2 Bruce: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations.
    (3/31)
2/27.4 Bruce: Set up mtg w/Steve Jung & Eric (& Lauren/Susan Weinstein) once 2/6.2 writeup is complete.
3/27.1 Scotty: Coordinate with Tim about shib'ed Movable Type
3/27.2 Scotty: Put shib'ed web software on the shib service website
3/27.4 Jon: Coordinate with DDD or other doc writer about shib service website. If Unix Infrastructure is maintaining this going forwards, we probably want a spun website, with the doc writer providing the text but not the formatting/HTML. Check w/Joyce for Bruce Campbell's availability. (in progress)
3/27.5 Russ: Send AFS web authentication presentation slides to shib-team for review. (once written)
3/27.6 Scotty/Bruce: Talk to Casey about shib for Sakai (scheduled)
3/27.7 Scotty/Q: Figure out URNs for suPerson attributes
3/27.9 Q: Put OID mappings on the Directory website.
3/27.10 Bruce: Pay InCommon dues (InCommon application fee paid)

Notes:

Quanah has finished packaging all of the SP dependencies, and just needs to repackage shib itself to bring in shibd and some additional support files. He anticipates this will be done by the end of the day 4/12. After that, Russ will look over the packaging with an eye towards uploading the SP packages into Debian proper.

Local testing:

1. Install SP software on shibboleth1 for internal testing (Quanah and JR/Van once he arrives)
2. Install SP software on www-preview for more broadly based testing (coordinate with SUL)

IdP packaging for Debian is going to be a little trickier, and will happen in parallel with the beta testing of our Shibboleth installation. Currently, the IdP along with all of its supporting jars and files is put together in one large WAR file. Debian packaging standards would have us tease apart the IdP from its dependencies, and deal with each separately. Quanah and Russ will be working on this once Q is back from vacation.

Bruce and Scotty met with Makoto, and they are interested in Shibbolizing Sakai. Meeting with Julian and Casey will be scheduled.

ARP Documentation--we need shib equivalents for WebauthPrivileged, WebauthGeneral, and anonymous access. Quanah to draft these, Jon will vet with relevant folks.

Bruce is waiting to hear back from Lauren (OGC) on the language in the participation agreement for InCommon. That looks to be the last hurdle for InCommon participation.

We will need 2 processes for getting shib certs into the hands of SPs once the service is made available. We can put the root cert into the Wallet and distribute non-InCommon certs directly from the wallet. We need to charge SPs for InCommon use (we pay $1K/year for 20 licenses), so that will need to go through something like the cert process we use for Comodo. Jon to confer with the Account Managers on billing.