Shibboleth Developers

["RL 'Bob' Morgan" <>]

Ken K mentioned there was a discussion about something called QIK,
"qualified installation of keys", at the recent GGF meeting, in the CA-Ops
WG.  I found a paper via Google:

  http://caops.es.net/Documents/GGFVII/AlternativeGovernance.pdf

  "Machine Assisted Trust Mechanisms for Grids", Madsen et al

The main http://caops.es.net/ page claims this work has moved to a new
(GGF?) research group, but that link doesn't work ...

Anyway I mention it because the basic idea is I think quite consistent
with our approach to key management in Shib, namely that the use of root
keys by relying parties has to be associated with policy constraints
specific to the applications they're used in, and that it helps to be able
to express these constraints clearly and move them around.  Something like
this scheme would presumably be how sites would distribute and advertise
their own Shib metadata.  Paul Madsen, who is first author, is also active
in Liberty, don't know whether these ideas are reflected there or not ...

 - RL "Bob"