Shibboleth Team Meeting Notes: 7.18.2006

Attending: Russ Allbery, Jon Pilat, Bruce Vincent, Scotty Logan, Digant Kasundra

New Action Items:

  7/18.1 Scotty: Create script to give the correct shibboleth.xml file based on which federations are joined by an SP
  7/18.2 Russ: Add Scotty to the debian build acl, send remctl syntax
  7/18.3 Scotty: Build debian virtual machine for Q to build shib-sp 1.3e
  7/18.4 Q: Create a stanford-shibboleth package with metadata script and shibboleth.xml generation script.
  7/18.5 Scotty: Create plan for SAML artifact exchange between load-balanced IDP's
  7/18.6 Jon: Contact Lois/Jerry/Tom about library-based SP

Open Action Items:

  5/8.2 Scotty: Review USC code for ARP enforcement
  5/15.13 Q: Document install instructions for Debian (include sources.list)
  5/15.14 Digant: Document install instructions for Red Hat (add more explicit what-to-do for folks downloading from shib site)
  5/15.15 Scotty: Document configuration for Stanford shibboleth webserver (forward doc to shibboleth-team@lists)
  5/23.1 BV: Get .doc's of Adminguide 15.5 & 64
  5/30.1 Scotty: Coordinate with Hua/jcr about installing shib on www-preview with InQueue membership
  5/30.3 Q: Build makefile installer for shibd/siterefresh man pages
  6/19.2 BV: Talk to Eric and Susan about next steps for AG work (cc team)
  6/19.4 Q: Repackage SP 1.3e for Debian
  7/11.6 Jon: Set up www/services/shibboleth
  7/11.8 Russ: Talk to Hua/JCR about 1.3e debian package (prereq for www)
  7/11.10 Scotty: 1 year vs. 2 year InCommon certs--tell Kevin
  7/11.11 Scotty: document configuration for joining the various federations

Deferred Action Items:

  3/27.2 Scotty: Put shib'ed web software on the shib service website
  4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done)
  4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done)
  4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done)

Key Dates:

  Complete SP Kit Documentation 6/15(*)
  Deploy shibboleth on www.stanford.edu 7/1 -> 8/31
  Package IdP Software 7/15 -> 8/31
  Document Process for Joining Federations 8/1
  Website for SP applications 8/31

  (*) date at risk/missed

Notes:

Spec for "Website for SP applications" (Kevin)

  cgi script that collects:
    SUNetID of requester
    PTA/Acct info. (validation of PTA authority an open issue)
    Hostname (validates)
    Department owning the request
    Description of the application/use of shib
    Drop down of which federation
    Take either a cert or a csr (for InCommon)
    Sends mail to a role address to process the requests

  cert creation/validation script that:
    Turns a csr into a cert (for InCommon)
    Mail the user useful things

  lifecycle script that:
    tells users that their certs are going to expire
    contacts a department contact if there is no action

We can't have generic IDs for InCommon. Eventually we will have Russ and either Digant or Quanah as technical contacts, and Bruce as an administrative contact. In the meantime, Russ and Scotty will be technical contacts.

We're ready to approach the libraries about getting one of their SP's up and running. Scotty and Digant will meet with them once they've identified a website to use.

idp builds are mostly automated. There is still a little manual work to do getting the MySQL service set up, but once we transfer to the centrally provided service, we should have completely automated builds.

Scotty is talking to Scott about changing the way Shib does http headers (make them environment variables, like WebAuth does) in Shib2. He seems receptive to the idea and we're pointing him at the appropriate source in WebAuth.

Need to determine lifecycle for ARPs--can we group them by sponsoring organization and send an annual report?

Bruce is taking over the policy initiative and will be following up with Eric and Susan about next steps for changes to the admin guide to support federated identity management and digital representations of Stanford. This effort will take far longer than the project is supposed to last.