Shibboleth Developers

1) IJ gave a status report on the two linux machines that  will 
become the Shib test/demo environment. Both machines are  installed, 
and  all of  the requested software (except for pubcookie) is 
installed and operational. He doesn't currently have ldap  running 
over  SSL;  Steve said that's not a  short term  requirement. He said 
he's encountered some problems with  pubcookie, and asked if Steve 
could refer him to a pubcokie expert. The Shib  team now needs to 
provide  some configuration  info (eg the name  of the ldap  root, 
user accounts on the  machines, etc).

AI - Steve to locate some pubcookie help
AI - Steve will email IJ and Scott  Cantor; IJ will create an 
account, and Scott will check out the linux boxes, to  see if 
anything needs to be changed.
AI - Steve will match up IJ and the Shib coding  teams, to  get 
answers to the configuration questions

DECISION - because of the problems  with  pubcookie, we decided to 
use Basic Auth initially, and  thus  get pubcookie off the critical 
path

2) CVS - the I2 team has begun  thinking about how to provide a CVS 
service to a broad cross  section of projects within I2 (going beyond 
just the  middleware area). Their current thinking is to provide each 
project  with its  own cvs service, all hosted on the same machine, 
but with a different root. Each project  would only see its own work. 
This approach would greatly simplify file  backup, etc.

Steve mentioned that he had just  received a document from  Walter 
Hoehn, containing  recommended cvs practices for  Shib.

AI - Steve will forward Walter's document  to the I2  team.

3) Initial Shib pilot. Steve had asked if LISTPROC was a  suitable 
candidate. Mike confirmed that Steve was really talking about lp-web 
(the web interface),and not LISTPROC itself. (insert  name here) 
described how lp-web currently does authentication and authorization.

	- authn  - it relies on the  web  sever to do  this. Usually 
implemented using  Basic Auth within the web  server.

	- authz - implemented within the  application, within lp-web. 
lp-web maintains a small berkeley db which contains userids, the 
lists they are authorized for, and the functions they are authorized 
for. (name) confirmed the current thinking that lp-web treats userids 
as opaque strings, and they could take the form "userid@domain" 
without breaking anything.

It was agreed to do the  initial  testing by installing LISTPROC and 
lp-web  on one of the Shib linux machines. If/when I2 technical staff 
get comfortable with  the Shibbolized lp-web, it  could be moved to 
the production mail machine.

4) Mike asked about interest in Solaris machines; there has been some 
discussion  with Sun  about this. Steve indicated that  Shib expected 
to be  supporting both linux and solaris, and  encouraged Mike to 
pursue this. This would also allow testing  with the iplanet DS 
server.
--
--

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at 

   http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--