Shibboleth Developers

Phone #:  (800) 541-1710
Pin #:  0142203

Agenda:

1) Current programming issues/questions
        -- status of 1.2 testing; outstanding issues
	-- we've promised that a "release candidate"  would be 
available on 5/11...

2)  continue discussion of security approaches for Fedora and ECL. On 
4/18, we started a discussion with the Fedora  group. This time, a 
couple of people from Simon Fraser Univ will also be joining us  .... 
they have developed ECL (a SOAP-based implementation of the IMS DRI 
protocol). Like the Fedora project, they want to  add security ......

There is currently no "best practice" describing how to add security 
to SOAP  (where, IMHO, best practice results from real experience... 
not from pronouncements from vendor marketing  depts). Different 
groups are proposing different approaches..... I think our task  will 
be  to understand  our requirements, and  make the best choice we 
can... understanding full well that three years from now the market 
may have decided that there were better choices than the one we made. 
And I suspect that some people may suggest "this situation is too 
confusing...let's  wait". That's a choice, too.

During the last conversation, there was a suggestion that we  explore 
the use of  HTTP-level authentication. Based on conversation with 
Scott, I'd like to suggest that we also explore the relevance of Web 
Services Security:

http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=wss

and of some  of the Liberty approaches.