Shibboleth Team Meeting Notes: 8.4.2006

Attending: Scotty Logan, Jon Pilat, Russ Allbery, Digant Kasundra, Kevin Hall, Quanah Gibson-Mount

New Action Items:

  8/4.1   Scotty: Document standard schemas for different federations
  8/4.2   Q: Rebuild idp2 with Scotty's WAR file
  8/4.3   Scotty: Forward what we did to submit to InCommon

Open Action Items:

  5/8.2   Scotty: Review USC code for ARP enforcement (w/our visibility settings)
  5/15.13 Q: Document install instructions for Debian (include sources.list)
  5/23.1  BV: Get .doc's of Adminguide 15.5 & 64
  5/30.1  Q: Coordinate with Hua/jcr about installing shib on www-preview with InCommon membership
  5/30.3  Q: Build makefile installer for shibd/siterefresh man pages
  6/19.2  BV: Talk to Eric and Susan about next steps for AG work (cc team)
  7/18.4  Q: Create a stanford-shibboleth package with metadata script and shibboleth.xml generation script.
  7/24.3  Q: Update idp build template to include Scotty's new WAR file
  7/24.5  BV: Forward the good pages on shibboleth from the I2 site
  7/24.6  DK: Put flash presentations on the project site.
  7/24.7  DK: Update flash presentations to have Stanford-specific content
  7/31.1  Q: Create stanford-shibboleth stow package for Solaris
  7/31.2  DK: Create stanford-shibboleth RPM for Red Hat
  7/31.4  Scotty: Test how shib handles failed MySQL server

Deferred Action Items:

  4/24.2  Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done)
  4/24.3  Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done)
  4/24.4  Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done)

Key Dates:

  Complete SP Kit Documentation             6/15(*)
  Code complete on SP application website   8/7 (done)
  Deploy shibboleth on www.stanford.edu     7/1 -> 8/31
  Package IdP Software                      7/15 -> 8/31(*)
  Document Process for Joining Federations  8/1
  Website for SP applications               8/31

  (*) date at risk/missed

Notes:

Spec for "Website for SP applications" (Kevin)

  cgi script that collects:
    SUNetID of requester
    PTA/Acct info. (validation of PTA authority an open issue)
    Hostname (validates)
    Department owning the request
    Description of the application/use of shib
    Drop down of which federation
    Take either a cert or a csr (InCommon requires csr, test-shib cert)
  Sends mail to a role address to process the requests
  Validate cert or csr (for InCommon)

  lifecycle script that:
    tells users that their certs are going to expire
    contacts a department contact if there is no action

Audiences for Shib websites:

  + Managers who want an overview of how shib fits into their life
  + People who have to use shib and want to make it happen and test it
  + People with web content who are looking at options (shib vs. webauth)
  + People who are handling multi-realm authentication and need to understand how shib handles that.

Kevin's tool is at: tools/cgi-bin/shibboleth-request. Please review.

MySQL service does use bi-directional replications--we want to switch over.

Need to determine lifecycle for ARPs--can we group them by sponsoring organization and send an annual report?

Quanah is coordinating with www-team to get shib onto the www's for their 9.4 release.