
shibboleth-dev - shib design call, monday (4/14), 3:00 pm est, noon pst

Subject: Shibboleth Developers

  • From:
  • To:
  • Subject: shib design call, monday (4/14), 3:00 pm est, noon pst
  • Date: Mon, 14 Apr 2003 13:32:10 -0400

Standard logistics:

Phone #: 800-998-2462
Pin #: 5601277

Bob's in Amsterdam, and presumably will miss the call....

Agenda items:

1) status - 1.0 release -- see list of promised features down below
- known issues?

2) Status of various questions

check status RSA IPR claim on openSAML
mace urn value "looking likely"...?

3) Other issues?

exporting SamlAuthnType -- how would an app get this value?
Aaron - status, cvs......
robustness -- reloading of sites file
new attributes
baseURL
CampusAffiliation
Unique persistent opaque ID
profile X500 attributes
recommendations, thoughts on COURSE, DEPARTMENT

------------- current list of promised 1.0 features ---------------------

Here's the current list -- please note that, as with any software development process, last minute changes may occur.......

1) Various improvements to error handling. The most noticeable will be that origin sites, when they join a federation, will be able to supply the URL for a local "shib problem resolution" page; this URL will be distributed in metadata to targets. When a target encounters an error, it will be able to substitute this URL into an error template (replacing a new variable -- origin_error_url).

2) Improved target side robustness. There will be a new SHAR option, allowing the SHAR to store its session and attribute cache in permanent backing store (in addition to the current in-memory option).

3) OpenSAML will populate the AuthnType element in the SAML Subject element. Origin sites will supply the value with a configuration directive. The Type value will describe the type of authentication mechanism used at the origin site (e.g., Kerberos, PKI, etc.).

4) OpenSAML - origin sites whose HS cert is NOT signed by one of the trusted roots will be able to provide InCommon with the HS' cert; targets will be able to use this cert to validate the HS' signature.

4) Extend the Attribute Authority implementation, providing backend attribute plugins. This should greatly simplify the process of extending the AA to support additional attributes.

5) Target side -- can we do this? -- use local time string values in the target side log files.

6) (possibly) support for using W2K and Apache as a target

------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at
http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--



