Shibboleth Developers

["Scott Cantor" <>]

> Okay, I really should stop here because now you can mostly infer the
> requirements by reading between the lines.  I will emphasize, however,
> the obvious requirement that the definitive versions of the metadata
> and gridmap files must be totally separate from Shibboleth.  They can
> not live in the Shibboleth installation directory, nor can they reside
> in a tomcat webapp directory (both of which are volatile).  Instead,
> the metadata and gridmap files must be stored in a home directory
> known only to GridShib (otherwise we run the risk of some process
> clobbering them).

Why can't they go in <SHIB-HOME>/etc with everything else we install for
permanent isolation? One of my concerns is that we take more steps to
prevent the installer from clobbering anything in there, so once we do that,
couldn't your files be copied into etc/ when the installer copies all the
other base files in?

After an initial install, that's end of game. You've got no business messing
with my config at that point anyway, so I think it's questionable that this
buys you much, but assuming it does, I would think we could have another
folder that contains the files to move into etc/

I guess to me the real problem is that you guys (speaking of the Java team)
really need to have a strategy for creating file.dist in the etc/ folder,
checking to see if the base file exists, and then copying it in. That's what
the SP does. That's why I suggested cvs should contain file, you do macro
expansion on that to create file.dist in etc/ and then you check and rename
to file. I realize it's too late for that, but that's the right way to do
this.

-- Scott