Shibboleth Team Meeting Notes: 7.31.2006 Attending: Jon Pilat, Scotty Logan, Digant Kasundra, Kevin Hall, Quanah Gibson-Mount New Action Items: 7/31.1 Q: Create stanford-shibboleth stow package for Solaris 7/31.2 DK: Create stanford-shibboleth RPM for Red Hat 7/31.3 Scotty: Create generic shibboleth.xml file to use as the basis for the federation-specific munging script. 7/31.4 Scotty: Test how shib handles failed MySQL server 7/31.5 Q: Determine if MySQL service uses bi-directional replication 7/31.6 Scotty: Follow up with Ellen and Jon Lavigne about SUL SP Open Action Items: 5/8.2 Scotty: Review USC code for ARP enforcement (w/our visibility settings) 5/15.13 Q: Document install instructions for Debian (include sources.list) 5/23.1 BV: Get .doc's of Adminguide 15.5 & 64 5/30.1 Q: Coordinate with Hua/jcr about installing shib on www-preview with InCommon membership 5/30.3 Q: Build makefile installer for shibd/siterefresh man pages 6/19.2 BV: Talk to Eric and Susan about next steps for AG work (cc team) 7/11.11 Scotty: document configuration for joining the various federations 7/18.1 Scotty: Create script to give the correct shibboleth.xml file based on which federations are joined by an SP (in progress). 7/18.4 Q: Create a stanford-shibboleth package with metadata script and shibboleth.xml generation script. 7/24.2 Scotty: Create new WAR file that includes MySQL-based SAML assertions and the USC code for ARP enforcement. 7/24.3 Q: Update idp build template to include Scotty's new WAR file 7/24.5 BV: Forward the good pages on shibboleth from the I2 site 7/24.6 DK: Put flash presentations on the project site. 7/24.7 DK: Update flash presentations to have Stanford-specific content Deferred Action Items: 3/27.2 Scotty: Put shib'ed web software on the shib service website 4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done) 4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done) 4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done) Key Dates: Complete SP Kit Documentation 6/15(*) Code complete on SP application website 8/7 Deploy shibboleth on www.stanford.edu 7/1 -> 8/31 Package IdP Software 7/15 -> 8/31(*) Document Process for Joining Federations 8/1 Website for SP applications 8/31 (*) date at risk/missed Notes: Spec for "Website for SP applications" (Kevin) cgi script that collects: SUNetID of requester PTA/Acct info. (validation of PTA authority an open issue) Hostname (validates) Department owning the request Description of the application/use of shib Drop down of which federation Take either a cert or a csr (InCommon requires csr, test-shib cert) Sends mail to a role address to process the requests Validate cert or csr (for InCommon) lifecycle script that: tells users that their certs are going to expire contacts a department contact if there is no action Audiences for Shib websites: + Managers who want an overview of how shib fits into their life + People who have to use shib and want to make it happen and test it + People with web content who are looking at options (shib vs. webauth) + People who are handling multi-realm authentication and need to understand how shib handles that. Need to determine lifecycle for ARPs--can we group them by sponsoring organization and send an annual report? IDP will get metadata through the metadata tool; SP's will use siterefresh, which should run daily. idp1 will be rebuilt in East ECH, freeing up the current idp1 to do shib development tasks. Quanah is coordinating with www-team to get shib onto the www's for their 9.4 release. Shib team meetings are moving to Thursday, 10am. There will be a meeting this Friday.