Shibboleth Team Meeting Notes: 05.15.2006 Attending: Digant Kasundra, Russ Allbery, Jon Pilat, Scotty Logan, Bruce Vincent, Quanah Gibson-Mount New Action Items: 5/15.1 Bruce: Purchase 2 1850s for production (specs from Digant) 5/15.2 Jon: Follow up about NYU streaming media shib w/Lois 5/15.3 Jon: Schedule time to sit down w/Bruce on 2/6.1 & 2 (done) 5/15.4 Scotty: Follow up with NYU streaming media folks 5/15.5 Scotty: Follow up with Hans in the med school 5/15.6 Scotty: Register a URN range with MACE for suPerson 5/15.7 Q: Publish suPerson URNs (once registered) 5/15.8 Q: Add man page to shibd & siterefresh (required for Debian) 5/15.9 Q: Rebuild shib1 & 2 as idp1 & 2. Get real certs for web servers. Create load balanced names idp-ic and idp-iq (for InCommon and InQueue)(idp1-ic, idp2-ic, etc.) 5/15.10 Scotty: Test IDP failover 5/15.11 Scotty: Test .htaccess tweaks for changing federations or for bilateral trust agreements and forward to shibboleth-team 5/15.12 Q: Document install instructions for Solaris 5/15.13 Q: Document install instructions for Debian 5/15.14 Digant: Document install instructions for Red Hat 5/15.15 Scotty: Document configuration for Stanford shibboleth Open Action Items: 1/27.12 Scotty: submit reviewed patches back to shib project. (in progress) 2/6.1 Bruce: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. Other authentication infrastructures must assert .stanford.edu These would be proposed as changes to Admin Guide 64 2/6.2 Bruce: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations. 3/27.1 Scotty: Coordinate with Tim about shib'ed Moveable Type 3/27.6 Scotty/Bruce: Talk to Casey/Rachel about shib for libraries 4/10.9 Jon: Get approvals for ARP from ISO, Bruce, AS (Minh?) 4/10.10 Jon: Incorporate ARP onto the project website 4/10.13 Q: Create Solaris stow packages for SP software. (done) 4/24.1 Digant: Test (or coordinate testing) of Shib RPMs for RHEL 4/24.2 Russ: Review Q's SP Packaging 4/24.3 Russ: Package new version of SP for debian unstable 4/24.4 Russ: Upload new SP software to Debian 5/8.2 Scotty: Review USC code for ARP enforcement. 5/8.4 Jon: Talk to Steven about getting Kevin or Jon Robertson to work on shib SP application website (done) Deferred Action Items: 2/27.4 Bruce: Set up mtg w/Steve Jung & Eric (& Lauren/Susan Weinstein) once 2/6.2 writeup is complete. 3/27.2 Scotty: Put shib'ed web software on the shib service website 3/27.5 Russ: Send AFS web authentication presentation slides to shib-team for review. (once written) Key Dates: Package Shibboleth SP Kit 5/1 (done) Test Shibboleth SP Kit internally 5/15 (new version to test) Draft Policy Modifications for Shibboleth 5/15(*) Move IdP to production (unpackaged) 6/1 Join InCommon Federation 6/1 (done?) Coordinate with External SP (nyu?) 6/15 Complete SP Kit Documentation 6/15 Deploy shibboleth on www.stanford.edu 7/1 Package IdP Software 7/15 -> 8/31 Document Process for Joining Federations 8/1 Website for SP applications 8/31(**) (*) date at risk Notes: Meetings are moving to weekly--check your calendars. Documentation push to start soon. We need install instructions for Debian, Red Hat, and Solaris, as well as Stanford config for webservers. Also, we need documentation for how to set up your site on www.stanford.edu to use shib. Also, a brief "what is this and what does it do" section, along with an FAQ. Documentation will go through Bruce Campbell for beautification and wordsmithing, and will be maintained by the Unix team going forward in spin. InCommon contract is marked as "completed" in Delphi. We're pretty sure that means it went through. However, nobody's been notified explicitly and there was a distinct lack of triumphal music. We're going to split up the dev boxen into multiple VMs, and the new hardware we're ordering will be 32-bit production to match the 32 bit hardware we already have. Shib product manager (Russ) will vet future federation memberships, and a description of that process will be included as part of the docuementation.