Shibboleth Team Meeting Notes: 05.23.2006 Attending: Digant Kasundra, Russ Allbery, Jon Pilat, Bruce Vincent, Quanah Gibson-Mount New Action Items: 5/23.1 Jon: Get .doc's of Adminguide 15.5 & 64 for Bruce 5/23.2 Bruce: Forward adminguide text revisions to shib-team (done) 5/23.3 Team: Review proposed changes to admin guide wording 5/24.4 Bruce: Followup with Casey on shib/Sakai meeting Open Action Items: 1/27.12 Scotty: submit reviewed patches back to shib project. (in progress) 2/6.1 Bruce: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. Other authentication infrastructures must assert .stanford.edu These would be proposed as changes to Admin Guide 64 2/6.2 Bruce: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations. 3/27.1 Scotty: Coordinate with Tim about shib'ed Moveable Type 4/10.9 Jon: Get approvals for ARP from ISO 4/10.10 Jon: Incorporate ARP onto the project website 4/24.1 Digant: Test (or coordinate testing) of Shib RPMs for RHEL 4/24.2 Russ: Review Q's SP Packaging (xmlsecurity-c in progress) 4/24.3 Russ: Package new version of SP for debian unstable 4/24.4 Russ: Upload new SP software to Debian 5/8.2 Scotty: Review USC code for ARP enforcement. 5/15.5 Scotty: Follow up with Hans in the med school 5/15.7 Q: Publish suPerson URNs (once registered) 5/15.8 Q: Add man page to shibd & siterefresh (required for Debian) 5/15.9 Q: Rebuild shib1 & 2 as idp1 & 2. Get real certs for web servers. Create load balanced names idp-ic and idp-iq (for InCommon and InQueue)(idp1-ic, idp2-ic, etc.)(in progress) 5/15.10 Scotty: Test IDP failover 5/15.11 Scotty: Test .htaccess tweaks for changing federations or for bilateral trust agreements and forward to shibboleth-team (pre-req for www-preview testing)(done?) 5/15.12 Q: Document install instructions for Solaris 5/15.13 Q: Document install instructions for Debian 5/15.14 Digant: Document install instructions for Red Hat 5/15.15 Scotty: Document configuration for Stanford shibboleth (pre-req for www-preview testing)(done) Deferred Action Items: 2/27.4 Bruce: Set up mtg w/Steve Jung & Eric (& Lauren/Susan Weinstein) once 2/6.2 writeup is complete. 3/27.2 Scotty: Put shib'ed web software on the shib service website 3/27.5 Russ: Send AFS web authentication presentation slides to shib-team for review. (once written) Key Dates: Draft Policy Modifications for Shibboleth 5/15(*) Move IdP to production (unpackaged) 6/1 Join InCommon Federation 6/1 (done) Coordinate with External SP (nyu?) 6/15 Complete SP Kit Documentation 6/15 Deploy shibboleth on www.stanford.edu 7/1 Package IdP Software 7/15 -> 8/31 Document Process for Joining Federations 8/1 Website for SP applications 8/31 (*) date at risk/missed Notes: Until the wallet is in production, Bruce will escrow the InCommon certs onto cds. One for Russ, one for Bruce. In the wallet, we will gpg-encrypt items to be backed up. We may want to build a ID mgmt. page for a statement about how we do auth and ID management. Something a little lower level than the admin guides. May be part of the shib services page. Proposed changes to the wording of admin guides 15.5 and 64 are complete--team to review. Documentation push to start soon. We need install instructions for Debian, Red Hat, and Solaris, as well as Stanford config for webservers. Also, we need documentation for how to set up your site on www.stanford.edu to use shib. Also, a brief "what is this and what does it do" section, along with an FAQ. Documentation will go through Bruce Campbell for beautification and wordsmithing, and will be maintained by the Unix team going forward in spin. Shib product manager (Russ) will vet future federation memberships, and a description of that process will be included as part of the docuementation.