Shibboleth Team Meeting Notes: 06.05.2006 Attending: Digant Kasundra, Russ Allbery, Jon Pilat, Quanah Gibson-Mount, Scotty Logan New Action Items: 6/5.1 Scotty: Test cryptoshib profile 6/5.2 Q: Check in POD source/remove generated man pages 6/5.3 Q: Update keyring handling for shib1&2 (/etc/webauth/dist-keyring & add host princ. of master in root .klogin on slave) 6/5.4 Q: Make tomcat4 user the owner of service.shibboleth & metadata 6/5.5 Q: Put metadata in subdir owned by tomcat4 Open Action Items: 1/27.12 Scotty: submit reviewed patches back to shib project. (in progress) 2/6.1 BV: Write a position paper advocating the inclusion of shib as an approved authentication technology for people authenticating to stanford.edu services and a section on federated identity management/shib/cross-realm kerberos. Other authentication infrastructures must assert .stanford.edu These would be proposed as changes to Admin Guide 64 2/6.2 BV: Write a position paper advocating the creation of an office (or authority for an existing office) to be the party responsible for the assertion of Stanford's identity digitally. This position paper should also include a statement on how services/machines are authenticated as part of stanford.edu. This assertion is required for shibboleth to assert stanford.edu identity to external institutions and/or federations. 3/27.1 Scotty: Coordinate with Tim about shib'ed Moveable Type (send patch) 4/10.9 Jon: Get approvals for ARP from ISO (discussions ongoing) 4/10.10 Jon: Incorporate ARP onto the project website 4/24.1 Digant: Test (or coordinate testing) of Shib RPMs for RHEL (once machines are ready) 4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done) 4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done) 4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done) 5/8.2 Scotty: Review USC code for ARP enforcement 5/15.9 Q: Rebuild shib2 as idp2. Get real certs for web servers. (idp1 done) 5/15.10 Scotty: Test IDP failover (once 5/15.9 is done) 5/15.12 Q: Document install instructions for Solaris 5/15.13 Q: Document install instructions for Debian 5/15.14 Digant: Document install instructions for Red Hat 5/15.15 Scotty: Document configuration for Stanford shibboleth webserver (pre-req for www-preview testing) 5/23.1 Jon: Get .doc's of Adminguide 15.5 & 64 for Bruce (in progress) 5/23.3 Team: Review proposed changes to admin guide wording 5/30.1 Scotty: Coordinate with Hua about installing shib on www-preview with InQueue membership 5/30.2 Scotty: Update InQueue metadata to use InCommon cert (in progress) 5/30.3 Q: Build makefile installer for shibd/siterefresh man pages 5/30.4 Jon: Talk to Jay about shib machines in ECH's (in progress) 5/30.5 Scotty: Talk to Bruce Campbell about .htaccess files for shib Deferred Action Items: 3/27.2 Scotty: Put shib'ed web software on the shib service website 3/27.5 Russ: Send AFS web authentication presentation slides to shib-team for review. (once written) Key Dates: Draft Policy Modifications for Shibboleth 5/15(*) Move IdP to production (unpackaged) 6/1 (done) Coordinate with External SP 6/15 Complete SP Kit Documentation 6/15(*) Deploy shibboleth on www.stanford.edu 7/1 -> 8/31 Package IdP Software 7/15 -> 8/31 Document Process for Joining Federations 8/1 Website for SP applications 8/31 (*) date at risk/missed Notes: RedHat servers should be up and ready for testing by end-of-day 6/6. 64-bit AMD RPM's posted on shib site. Working with OCLC and dram.nyu.edu as pilot remote SP's for shib. OCLC's shib guys are on vacation this week--we'll pick up with them the week of the 6/5. We may want to build a ID mgmt. page for a statement about how we do auth and ID management. Something a little lower level than the admin guides. May be part of the shib services page.