Shibboleth Team Meeting Notes: 05.30.2006 Attending: Digant Kasundra, Russ Allbery, Jon Pilat, Bruce Vincent, Quanah Gibson-Mount, Scotty Logan New Action Items: 5/30.1 Scotty: Coordinate with Hua about installing shib on www-preview with InQueue membership 5/30.2 Scotty: Update InQueue metadata to use InCommon cert 5/30.3 Q: Build makefile installer for shibd/siterefresh man pages 5/30.4 Jon: Talk to Jay about installing shib machines in ECH's 5/30.5 Scotty: Talk to Bruce Campbell about .htaccess files for shib Open Action Items: 1/27.12 Scotty: submit reviewed patches back to shib project. (in progress) 2/6.1 BV: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. Other authentication infrastructures must assert .stanford.edu These would be proposed as changes to Admin Guide 64 2/6.2 BV: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations. 3/27.1 Scotty: Coordinate with Tim about shib'ed Moveable Type 4/10.9 Jon: Get approvals for ARP from ISO (BV & Minh have signed off) 4/10.10 Jon: Incorporate ARP onto the project website 4/24.1 Digant: Test (or coordinate testing) of Shib RPMs for RHEL (once machines are ready) 4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done) 4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done) 4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done) 5/8.2 Scotty: Review USC code for ARP enforcement 5/15.5 Scotty: Follow up with Hans in the med school 5/15.7 Q: Publish suPerson URNs on directory website 5/15.9 Q: Rebuild shib2 as idp2. Get real certs for web servers. (idp1 done) 5/15.10 Scotty: Test IDP failover (once 5/15.9 is done) 5/15.12 Q: Document install instructions for Solaris 5/15.13 Q: Document install instructions for Debian 5/15.14 Digant: Document install instructions for Red Hat 5/15.15 Scotty: Document configuration for Stanford shibboleth (pre-req for www-preview testing) 5/23.1 Jon: Get .doc's of Adminguide 15.5 & 64 for Bruce 5/23.3 Team: Review proposed changes to admin guide wording Deferred Action Items: 2/27.4 BV: Set up mtg w/Steve Jung & Eric (& Lauren/Susan Weinstein) once 2/6.2 writeup is complete. 3/27.2 Scotty: Put shib'ed web software on the shib service website 3/27.5 Russ: Send AFS web authentication presentation slides to shib-team for review. (once written) Key Dates: Draft Policy Modifications for Shibboleth 5/15(*) Move IdP to production (unpackaged) 6/1 Coordinate with External SP 6/15 Complete SP Kit Documentation 6/15(*) Deploy shibboleth on www.stanford.edu 7/1 Package IdP Software 7/15 -> 8/31 Document Process for Joining Federations 8/1 Website for SP applications 8/31 (*) date at risk/missed Notes: Scotty handed out escrow cds of the InCommon cert, key and csr to Russ and Bruce. InCommon certs have also been placed on idp1. IdP machine template completed--Quanah and Scotty will test. Once Sakai is ready to go, Scotty doesn't think shib integration will be that difficult, since Sakai as deployed by Stanford already can do webauth. The standalone version of Sakai would require more work. Working with OCLC and dram.nyu.edu as pilot remote SP's for shib. OCLC's shib guys are on vacation this week--we'll pick up with them the week of the 6/5. We may want to build a ID mgmt. page for a statement about how we do auth and ID management. Something a little lower level than the admin guides. May be part of the shib services page.