Skip to Content.
Sympa Menu

shibboleth-dev - Re: Shib 1.3 configuration

Subject: Shibboleth Developers

List archive

Re: Shib 1.3 configuration


Chronological Thread 
  • From: Nate Klingenstein <>
  • To: Tom Scavo <>
  • Cc: Steven Carmody <>, Shibboleth Development <>
  • Subject: Re: Shib 1.3 configuration
  • Date: Wed, 25 May 2005 16:12:29 +0000

Really, the base distribution should have little (if any) connections
to InQueue or any other supporting sites out there in cyberspace. It
should stand alone. It should install and run.

If you want to download the IdP or SP just to build it and watch metadata refresh messages appear in the log files you can do so very easily, but if you want to make it do anything interesting it needs a partner in a transaction. This isn't exactly unusual. You can open a web browser and sit at about:blank all day, but eventually you'd like to access a webpage to see if it works and get some content. You could grab Gnutella to build a listing of your files, but you want to connect and share. Daemons aren't fun to install and poke without another service to speak to.

I'm eager to simplify the installation process, but not reductio-ad-absurdum. This software is designed to interoperate with relying parties with which out-of-band, prior trust relationships have been established. Anything we can do to get to the point where you're able to communicate "hello world" to a test or real server faster is good, but I'll always insist that should be the end goal of the installation process should be basic interoperation with a remote provider because that's what this stuff does.

It should make no
(unreasonable) demands from the human who has chosen to install it.
Install time is not the time to insist that the installer know
everything you (the developer) know about the software being
installed.

If you can go through the installation process as it stands today and come out with knowledge of everything the software does, hat's off to you. I've seen the exact opposite problem in the install-fests I've run. If some mod_jk, Tomcat, firewall, Java problem, or typo doesn't catch them first -- none of which we can really do much about other than warn in really big bold letters and have explicit text on a version-by-version basis, or distribute IdP-in-a-box per Steven's earlier suggestions which only helps with a couple of those -- they complete the checklist with little to no difficulty only to be left stranded asking, "Now what?"

Nate.




Archive powered by MHonArc 2.6.16.

Top of Page