Shibboleth Team Meeting Notes: 8.10.2006

Attending: Scotty Logan, Jon Pilat, Russ Allbery, Bruce Vincent, Kevin Hall

New Action Items:

  8/10.1 Scotty: Configure MySQL for idp2
  8/10.2 Scotty: Export the schema we're using internally and document
  8/10.3 Q/DK: Rename shib-config to stanford-shibboleth
  8/10.4 Scotty: test multiple apaches, one shibd for SUL
  8/10.5 Jon: Talk to finance about rates for InCommon certs

Open Action Items:

  5/8.2  Scotty: Review USC code for ARP enforcement (w/our visibility settings)
  5/30.1 Q: Coordinate with Hua/jcr about installing shib on www-preview with InCommon membership
  5/30.3 Q: Build makefile installer for shibd/siterefresh man pages
  7/18.4 Q: Create a stanford-shibboleth package with metadata script and shibboleth.xml generation script.
  7/24.5 BV: Forward the good pages on shibboleth from the I2 site
  7/24.6 DK: Put flash presentations on the project site.
  7/31.1 Q: Create stanford-shibboleth stow package for Solaris
  7/31.2 DK: Create stanford-shibboleth RPM for Red Hat
  7/31.4 Scotty: Test how shib handles failed MySQL server
  8/4.1  Scotty: Document standard schemas for different federations

Deferred Action Items:

  4/24.2 Russ: Review Q's OpenSAML, mod_shib packaging (xmlsecurity-c done)
  4/24.3 Russ: Package new version of OpenSAML, mod_shib for debian unstable (xmlsecurity-c done)
  4/24.4 Russ: Upload OpenSAML, mod_shib software to Debian (xmlsecurity-c done)

Key Dates:

  Complete SP Kit Documentation             6/15(*)
  Code complete on SP application website   8/7 (done)
  Deploy shibboleth on www.stanford.edu     7/1 -> 8/31
  Package IdP Software                      7/15 -> 8/31(*)
  Document Process for Joining Federations  8/1
  Website for SP applications               8/31

  (*) date at risk/missed

Notes:

Scotty (and maybe Jon) will meet with SUL on Monday to configure an SP on their portal server.

Spec for "Website for SP applications" (Kevin)

  cgi script that collects:
    SUNetID of requester
    PTA/Acct info. (validation of PTA authority an open issue) (javascript off of which federation is chosen)
    Hostname (validates)
    Department owning the request
    Description of the application/use of shib
    Drop down of which federation
    Take either a cert or a csr (InCommon requires csr, test-shib cert)
    Sends mail to a role address to process the requests
    Validate cert or csr (for InCommon)

  lifecycle script that:
    tells users that their certs are going to expire
    contacts a department contact if there is no action

Audiences for Shib websites:

  + Managers who want an overview of how shib fits into their life
  + People who have to use shib and want to make it happen and test it
  + People with web content who are looking at options (shib vs. webauth)
  + People who are handling multi-realm authentication and need to understand how shib handles that.

stanford-shibboleth packages should include:

  + Scotty's program
  + config for the program
  + cert for signed XML
  + script for cron and/or instructions to have a cron entry

Kevin's tool is at: tools/cgi-bin/shibboleth-request. Please review. DDD can help with any of the javascript bits.

Quanah is coordinating with www-team to get shib onto the www's for their 9.4 release.