Shibboleth Team Meeting Notes: 7.24.2006

Attending: Russ Allbery, Jon Pilat, Bruce Vincent, Scotty Logan, Digant Kasundra, Kevin Hall, Quanah Gibson-Mount

New Action Items:

7/24.1 Q: Update metadata download script to make sure all the files are in the right places.
7/24.2 Scotty: Create new WAR file that includes MySQL-based SAML assertions and the USC code for ARP enforcement.
7/24.3 Q: Update idp build template to include Scotty's new WAR file
7/24.4 Jon: Ping Eric about adminguide docs
7/24.5 BV: Forward the good pages on shibboleth from the I2 site
7/24.6 DK: Put flash presentations on the project site.
7/24.7 DK: Update flash presentations to have Stanford-specific content

Open Action Items:

5/8.2 Scotty: Review USC code for ARP enforcement
5/15.13 Q: Document install instructions for Debian (include sources.list)
5/23.1 BV: Get .doc's of Adminguide 15.5 & 64
5/30.1 Scotty: Coordinate with Hua/jcr about installing shib on www-preview with InQueue membership
5/30.3 Q: Build makefile installer for shibd/siterefresh man pages
6/19.2 BV: Talk to Eric and Susan about next steps for AG work (cc team)
6/19.4 Q: Repackage SP 1.3e for Debian
7/11.11 Scotty: document configuration for joining the various federations
7/18.1 Scotty: Create script to give the correct shibboleth.xml file based on which federations are joined by an SP (in progress). This script will be run out of cron and figure out what federations an SP has certs for.
7/18.4 Q: Create a stanford-shibboleth package with metadata script and shibboleth.xml generation script.

Deferred Action Items:

3/27.2 Scotty: Put shib'ed web software on the shib service website
4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done)
4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done)
4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done)

Key Dates:

Complete SP Kit Documentation               6/15(*)
Code complete on SP application website     8/7
Deploy shibboleth on www.stanford.edu       7/1 -> 8/31
Package IdP Software                        7/15 -> 8/31(*)
Document Process for Joining Federations    8/1
Website for SP applications                 8/31

(*) date at risk/missed

Notes:

Spec for "Website for SP applications" (Kevin)

  cgi script that collects:
    SUNetID of requester
    PTA/Acct info. (validation of PTA authority an open issue)
    Hostname (validates)
    Department owning the request
    Description of the application/use of shib
    Drop down of which federation
    Take either a cert or a csr (InCommon requires csr, test-shib cert)
  Sends mail to a role address to process the requests

  cert creation/validation script that:
    Turns a csr into a cert (for InCommon)
    Mail the user useful things

  lifecycle script that:
    tells users that their certs are going to expire
    contacts a department contact if there is no action

Audiences for Shib websites:

+ Managers who want an overview of how shib fits into their life
+ People who have to use shib and want to make it happen and test it
+ People with web content who are looking at options (shib vs. webauth)
+ People who are handling multi-realm authentication and need to understand how shib handles that.

idp builds are mostly automated. There is still a little manual work to do getting the MySQL service set up and replicated, but once we transfer to the centrally provided service, we should have completely automated builds.

Need to determine lifecycle for ARPs--can we group them by sponsoring organization and send an annual report?