Shibboleth Developers

[Walter Hoehn <>]

Thanks for this Howard.  Comments/Questions interspersed.

-Walter


On Oct 27, 2004, at 1:52 PM, Howard Gilbert wrote:

> What is going to happen when I check in the Java Target?
>
>  /lib
>
> I will add xbean.jar, xbean_xpath.jar, and xmltypes.jar to the set of 
> JAR files.

No problems here.

> Issue: I believe that opensaml.jar in the library doesn't have 
> debugging symbols in it. During development I replace it with one that 
> does, but I won't check that one in.

Whatever.  When I'm developing I check out OpenSAML separately and 
point to that.  Might be nice to have a src jar checked in, though.

>  /src/conf

No problems here.

> /src/internet2/middleware/commons/log4j
>
> An optional request logging package also described separately and 
> distributed as its own jar file. But for now I will check it in here 
> so it doesn't get lost.

Could you say more about this?  How does this diverge from what we are 
already doing?

> /src/.../common
>
> AAP.java (new) - an interface for the AAP pluggable component.
>
> AttributeRule (new) - an interface for an AAP element

Alright.

> ShibResource.java - I propose a change to line 67, probable bug fix. 
> The existing code defaults to find resources from the JRE part of the 
> classpath. I change it to use the local ClassLoader and therefore to 
> find resources in the WEB-INF directory.

Why?

> XML.java - Add a few character string constants along with the ones 
> already there.
>
> /src/.../metadata
>
> Generally speaking, there are a few changes made to frequently dummy 
> methods that were created to conform to the earlier version of the 
> SAML 2 spec. As the spec was refined, a few things were added, a few 
> were deleted, and a few were changed.
>
> Endpoint.java - delete getVersion() method which is no longer part of 
> the spec.
>
> KeyDescriptor.java - delete getKeySize() method. Change 
> getEncryptionMethod to return String[] instead of String to conform 
> with the spec.
>
> Add comments to Provider.java and ProviderRole.java.
>
> Add interfaces for AttributeAuthorityRole, EntityDescriptor, 
> EntityLocator, IDPProviderRole.
>
> Add constants class named SAML2Metadata.java. The idea is to place in 
> this class the strings that we decide are the official version of 
> Bindings and such when we officially decide how to embed Shibboleth 
> the protocol into SAML 2.0 Metadata.
>
> Now in metadata/provider/XMLMetadata, you change implementation 
> methods to agree with the changed interfaces. getEncryptionMethod 
> still returns null, but now it is a null String[] instead of a null 
> String.

Alright by me.

> /src/.../target
>
> A new package containing most of the new code.
>
>  Too numerous to mention here, and they are all new and don't change 
> or conflict with anything.

Could we not make this "target"?  "SP" or "serviceProvider"?

> /src/schemas
>
> Add XSD schemas for the Target configuration XML files and for the 
> SAML 2.0 standard metadata. [I know that these may be based on a prior 
> "for comment" drop of the SAML files, so these need to be updated at 
> some point with final form. They work and we don't need better right 
> now.]

Alright.

> /webAppConfig
>
> Add target.xml which gets remapped into /WEB-INF/web.xml when the WAR 
> file is built for distribution.

Fine.

> /webApplication
>
> The Ant script seems to require that some things (/lib JAR files, XSD 
> schemas) appear in both the source tree and the prototype application 
> directory. This should be fixed.

No problem reworking things here, if you want.  There is duplication 
because things need to exist for the webapp and the command line utils.

> Error Pages
>
> The HTML files that are sent on an error have to move somewhere. In 
> the C++ target they were in an absolute file location such as 
> /opt/shibboleth/etc/shibboleth/shireError.html. I propose to put them 
> in the root of the Web Application directory.

Fine by me.

> Ant Build
>
> This is probably the hardest part. There is one Ant build designed to 
> build a distributable target. I have made changes toward building a 
> testable image. This will be the last thing I check in and I may have 
> comments on it later.

I'm definitely open to refining what we already have checked in.  
Suggestions?

Attachment: smime.p7s
Description: S/MIME cryptographic signature