Shibboleth Developers

*MACE-Shibboleth Design Conference Call*
November 12, 2001

*Participants*

Scott Cantor -- OSU (chair)
Marlena Erdos -- IBM/Tivoli
Renee Frost -- Michigan/Internet2
Barbara Jensen -- CMU
Sridhar Muppidi -- IBM/Tivoli
Russell Yount -- CMU
Nate Klingenstein -- Internet2(scribe)

*Discussion*

Handle Service Interaction

        The phases for design looked "pretty good" to Scott, who would only
add something about the interface between the handle service and local
authentication.  His expectation based on his own hopes for ease of
integration was to keep the interaction with the local authentication
service as precisely contained with interactions with the service as
possible.  He wanted to use the most simple approach and document only some
sort of requirement for what the handle service needs delivered to it as a
clean point of separation.  It would be in his view a simple modification
to pass an additional parameter from the web server module to the
authentication system to mention something Shibboleth is doing or needs.
There is a number of variables to be passed here, but omitted from current
drafts was one specifying the length of time the authentication is good
for.  This signalling to relying applications by a WebISO system of how
long the login might be good for is already general practice.

Machines and Phases

        The breakdown of phases seemed appropriate to the group in that it
required less interaction in the busy month of December.  The system of
creating relatively well-defined API's and only mockups of other components
offered the best way of continuing work during this timeframe, using the
dummy models of other components to help with testing.  There were a few
concerns that the schedule presented could be a little aggressive, but all
parties involved expressed a degree of confidence that they could meet it,
despite some additional reservations that the January date for overall
completion might be too soon.
        Ken Klingenstein of Colorado and Internet2 responded to questions
about acquisition of Internet2 machines for testing purposes by saying that
providing Solaris machines would not be a problem.  The group resolved to
use GCC and other GNU variants and stay away from proprietary software.
Versions 2.8 of Solaris and Tomcat 3.2 for Java were also agreed on.  Scott
thought that the sooner the machines could be available, the better, and if
these were available quickly enough then they could be used for initial
testing; otherwise, testbeds at CMU, etc. would be considered.

Redirection

        The group also wasn't certain exactly how to perform the client
redirection, which can be done within the HTML code or within the HTTP
protocol itself.  Nobody was really aware of the niceties of the browsers
and which sort of redirect had a better chance of uniform compatibility.
Scott thought that HTTP was likely to be better, but was not certain of
this, and it is the implementors of the particular Shibbolized resource who
design this redirection anyway.  The initial recommendation of the group
was to use HTTP, however.


--

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--