Shibboleth Developers

Title: shib design call, TODAY monday (6/23), 3:00 pm edt, noon p

Phone #:  (800) 541-1710

Pin #:  0142203

Agenda items:

1) status - 1.0 release --

        - W2K/apache port -- status?

        - cleanup (see list of  potential items down below)

2) Doc -- Nate -- do you need anything?

        -- see items  in cleanup list....

3) Discussion -- possible features in upcoming releases......

        http://stc.cis.brown.edu/~stc/Projects/Shibboleth/Version-2/Shib-v2-features.html

4) Defer for a few  days......

        - finishing discussion of attribute naming

--------- Some Outstanding Issues from v1.0 ---------------------

1) Question -- remove source from origin tarball (just include necessary doc

files, and /bin, and dist/shibboleth.war. ) (see these emails for relevant issues --

        Walter - Wed, 18 Jun 2003 22:53:03 -0400)

        Scott -- cookbook for "maintaining an origin" - Thu, 19 Jun 2003 00:35:16 -0400 )

2) wayf - currently branded as incommon -- we should probably change this....

Seems like there was an idea to tweak the WAYF?  In particular now that
it's the InQueue WAYF, seems like the InCommon logo ought to be removed.
Perhaps the true nature of InQueue can be expressed by its lack of logo.

3) Various documentation questions:

a) The target has about 3 places where the URI has to be fixed. (You have to look at the Apache commands, the ini file, and the AAP file, unfortunately.)

b) FAQ: where to look if no attributes being sent ( set logging to DEBUG and trace through to see where things are failing)

c) Recommendations for placing config files --

d) And as long as we're at it, similarly for the InQueue doc: (change  header of doc)

InQueue Federation Policy and Configuration Guidelines
draft-internet2-inqueue-guidelines-02.html
Nate Klingenstein
RL 'Bob' Morgan
2003-06-17

out, and, below the "InQueue Federation Policy and Configuration
Guidelines" headline:

Version 1.0

June 19, 2003

e)  And lastly, in the Origin Deploy Guide, Section 2b, it says "For more

|information on federations, please refer to the Deployer's Guide to

|Federations and the Shibboleth v1.0 architectural document."

these doc's don't exist.......

f) Origin -- documenting how to use PKI authn

               
[5:37]  ScottC: Then your Apache needs to have the mod_ssl config for the AA's URL so that it will pass along my cert
[5:37]  ryan_: ok, I'll turn on mod_ssl for that location
[5:38]  ScottC: <Location /shibboleth/AA>
[5:38]  ScottC: SSLVerifyClient optional
[5:38]  ScottC: SSLOptions +StdEnvVars +ExportCertData
[5:38]  ScottC: </Location>

[5:38]  ScottC: That's what I use

g) possibly rethinking Origin - section  4.a. (Basic Configuration). This currently strikes me as reference material, rather than an install  guide -- other thoughts?