
shibboleth-dev - summary, 3/6/02 phone conversation with I2sysadmins

Subject: Shibboleth Developers

  • Subject: summary, 3/6/02 phone conversation with I2sysadmins
  • Date: Mon, 11 Mar 2002 10:32:28 -0500



1) IJ gave a status report on the two linux machines that will become the Shib test/demo environment. Both machines are installed, and all of the requested software (except for pubcookie) is installed and operational. He doesn't currently have ldap running over SSL; Steve said that's not a short-term requirement. He said he's encountered some problems with pubcookie, and asked if Steve could refer him to a pubcookie expert. The Shib team now needs to provide some configuration info (e.g., the name of the ldap root, user accounts on the machines, etc.).

AI - Steve to locate some pubcookie help
AI - Steve will email IJ and Scott Cantor; IJ will create an account, and Scott will check out the linux boxes, to see if anything needs to be changed.
AI - Steve will match up IJ and the Shib coding teams, to get answers to the configuration questions

DECISION - because of the problems with pubcookie, we decided to use Basic Auth initially, and thus get pubcookie off the critical path

2) CVS - the I2 team has begun thinking about how to provide a CVS service to a broad cross section of projects within I2 (going beyond just the middleware area). Their current thinking is to provide each project with its own cvs service, all hosted on the same machine, but with a different root. Each project would only see its own work. This approach would greatly simplify file backup, etc.

Steve mentioned that he had just received a document from Walter Hoehn, containing recommended cvs practices for Shib.

AI - Steve will forward Walter's document to the I2 team.

3) Initial Shib pilot. Steve had asked if LISTPROC was a suitable candidate. Mike confirmed that Steve was really talking about lp-web (the web interface), and not LISTPROC itself. (insert name here) described how lp-web currently does authentication and authorization.

- authn - it relies on the web server to do this. Usually implemented using Basic Auth within the web server.

- authz - implemented within the application, within lp-web. lp-web maintains a small berkeley db which contains userids, the lists they are authorized for, and the functions they are authorized for. (name) confirmed the current thinking that lp-web treats userids as opaque strings, and they could take the form "userid@domain" without breaking anything.

It was agreed to do the initial testing by installing LISTPROC and lp-web on one of the Shib linux machines. If/when I2 technical staff get comfortable with the Shibbolized lp-web, it could be moved to the production mail machine.

4) Mike asked about interest in Solaris machines; there has been some discussion with Sun about this. Steve indicated that Shib expected to be supporting both linux and solaris, and encouraged Mike to pursue this. This would also allow testing with the iplanet DS server.
--
--

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--



  • summary, 3/6/02 phone conversation with I2sysadmins, Steven_Carmody, 03/11/2002
