OpenSAML user discussion

[Tom Scavo <>]

Globus Toolkit 4.0 bundles a hacked version of OpenSAML 0.8 (both C++
and Java).  We hope to upgrade that to something more reasonable in
the near future, but in the meantime, GridShib's dependency on
OpenSAML is increasing.  The next version of GridShib includes the
following requirements:

1. MyProxy will produce SAML 1.1 authentication assertions. 
(Currently, MyProxy has access to C++ OpenSAML 0.8 in GT4.)

2. GridShib for GT will consume the above authentication assertions. 
(Currently, GridShib for GT has access to Java OpenSAML 0.8 in GT4.)

3. GridShib for GT will consume SAML 2.0 metadata.

To accomplish the latter, we have temporarily "borrowed" the relevant
metadata bits from Shibboleth 1.3.

If this sounds confusing, it is (and only gets worse as time goes on),
and so we desperately want to simplify matters.  The problem is that
there are three related development paths in progress:

1) OpenSAML development (opensaml.org)
2) OpenSAML upgrade (globus.org/toolkit)
3) OpenSAML utilization (gridshib.globus.org)

The challenge is to synchronize these three development paths.  We
were hoping you could help by providing best-guess answers to these
questions:

- Will C++ OpenSAML 0.8 produce SAML 1.1 authentication assertions?
- Will Java OpenSAML 0.8 consume authentication assertions produced by
C++ OpenSAML 0.8?
- Will Java OpenSAML 1.1 consume authentication assertions produced by
C++ OpenSAML 0.8?
- Will a SAML 2.0 metadata library compatible with OpenSAML 1.1 be
provided?  If so, when?
- Will OpenSAML 2.0 produce and consume SAML 1.1 assertions?
- When will OpenSAML 2.0 beta be available for testing?

Thanks ever so much,
Tom