Shibboleth Developers

["Scott Cantor" <>]

> I'd *really* like a  Shibbolized  WebAssign  to be working before 
> semester end, so that some students could use it. I'd also *really 
> really* like  this to be available for demo at the I2 spring meeting 
> (may 6-8).
> 
> On monday's  call, I'd like to talk about what we have to do to move 
> on this stage.....

I won't demand it, but I would like to at least consider slipping in the
newer runtime code on the Java side so that we can sign the
authentication assertions before we use this in a real context even for
testing.

The APIs that the HS and SHIRE use to generate the XML are (I think I
can safely say) very encapsulated and pretty simple to use, so if they
need to change a bit, that isn't a drastic change to the code. That
really isn't where we've hit rough spots with our integration testing,
it's been mostly logistical stuff.

In that vein, all the HS needs is a Java keystore with an RSA key and a
certificate signed by somebody we can live with (CREN maybe?) and then
the SHIRE just needs to check for a CA-signed cert in the assertion. I
don't even care so much if we do any checking of the HS name and origin
site at this point, as long as we at least sign the thing. For one
thing, I think it will yield more useful performance data.

-- Scott

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

    http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--