Shibboleth Developers

["Tom Dopirak" <>]

 All,

During the last call we proposed a phased implementation of SHIB. This note
documents what I remember being said. Please make allowances for the fact
that I think in terms of the Origin. Scott and Sridar please help me fill in
specifics for the other parts.

We are working on an interaction diagram similar to what Sridhar produced
for the HS and AA but won't have it for the next call.


Phase 1 - Basic Framework

This phases provides the framework for further work. We'll implement
placeholders for all the major parts of the implementation so that we can
replace individual pieces as work progresses. This will save everybody from
having to construct a test environment and will force us to get our
development environments up and reachable on the net.

 All the URL redirection parts are implemented so that the flow from browser
to webserver to shire to browser  etc occurs. The data that is exchanged
will be fixed - the WAYF always directs to the same place, the HS always
returns the same values , the AA always returns the same fixed attributes.  

We'll need to arbitrarily decide - URLS or the various components, more
formal interfaces to Scott's stuff etc.

Phase 2 - Solidify the Handle server , give the AA a heartbeat

At the end of phase 2 we should have more or less a functioning  SHIRE and
Handle Server. The Handle server will supply "real handles" along with a
backend process to expire them. The HS will provide the framework for user
authentication ( using a standard J2EE or uPortal API???) and the actual
code for redirection to pubCookie. 

The Attribute Authority will advance to the point that it will be able to
fetch attributes stored in JDBC/SQL accessible database. We will also apply
a single system ARP that is stored the database. There will be no UI, no per
user ARPs and no real work on a general structure for "get attribute"
plug-in.


Phase 3 - Solidify the Attribute Authority

At the end of this phase the attribute authority will have all the work done
for being able to plug-in different methods for retrieving attributes.
Hopefully we can verify that we can fetch attributes using underlying Java
interfaces like JDBC, JNDI as well as anything user-defined. At this point
the Internet 2 UI for managing ARPs should also work. The SHAR should be
fully functional .

Do we need a version of pubCookie at cmu that uses Internet 2 graphics and
holds Internet 2 identities or can we fake this as well using Mysql?

<<attachment: winmail.dat>>