Shibboleth Team Meeting Notes: 06.19.2006 Attending: Digant Kasundra, Russ Allbery, Jon Pilat, Bruce Vincent, Scotty Logan New Action Items: 6/19.1 Scotty: Investigate security between 2 load-balanced IdP's 6/19.2 BV: Talk to Eric and Susan about next steps for AG work (cc team) 6/19.3 DK: Recompile and sign shib RPMs for our RHNSAT channel 6/19.4 Q: Repackage SP 1.3e for Debian 6/19.4 Q: Rebuild and stow SP 1.3e for Solaris Open Action Items: 1/27.12 Scotty: submit reviewed patches back to shib project. (in progress) 4/10.9 Jon: Get approvals for ARP from ISO (re-ping tina) 4/10.10 Jon: Incorporate ARP onto the project website 5/8.2 Scotty: Review USC code for ARP enforcement (@camp shib) 5/15.9 Q: Rebuild shib2 as idp2. Get real certs for web servers. (idp1 done) 5/15.12 Q: Document install instructions for Solaris 5/15.13 Q: Document install instructions for Debian 5/15.14 Digant: Document install instructions for Red Hat 5/15.15 Scotty: Document configuration for Stanford shibboleth webserver (pre-req for www-preview testing--follow up with Jon Robertson) 5/23.1 BV: Get .doc's of Adminguide 15.5 & 64 for Bruce (was Jon) 5/23.3 Team: Review proposed changes to admin guide wording 5/30.1 Scotty: Coordinate with Hua about installing shib on www-preview with InQueue membership 5/30.3 Q: Build makefile installer for shibd/siterefresh man pages 5/30.4 Jon: Talk to Jay about shib machines in ECH's (in progress) 5/30.5 Scotty: Talk to Bruce Campbell about .htaccess files for shib Deferred Action Items: 3/27.2 Scotty: Put shib'ed web software on the shib service website 4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done) 4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done) 4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done) Key Dates: Draft Policy Modifications for Shibboleth 5/15 (done) Coordinate with External SP 6/15 (done) Complete SP Kit Documentation 6/15(*) Deploy shibboleth on www.stanford.edu 7/1 -> 8/31 Package IdP Software 7/15 -> 8/31 Document Process for Joining Federations 8/1 Website for SP applications 8/31 (*) date at risk/missed Notes: OCLC demo went well for the libraries--they are pleased. Cryptoshib works for 2 virtual load-balanced IdPs using browser post. SAML assertions work less well. There is a vulnerability in shib 1.3d--we will package 1.3e and use that as our initial distribution of shib SP software. Bruce is taking over the policy intiative and will be following up with Eric and Susan about next steps for changes to the admin guide to support federated identity management and digital representations of Stanford. This effort will take far longer than the project is supposed to last. Russ is being mostly moved off of the Shibboleth project. All packaging deliverables for him are delayed until fall. We may want to build a ID mgmt. page for a statement about how we do auth and ID management. Something a little lower level than the admin guides. May be part of the shib services page. Lynn has expressed interest in being involved in the creation of such a page. This may be best served as part of the AS website.