Shibboleth Developers

[Von Welch <>]

The new about the Shibboleth listing as a eauth approved technology  
is making the rounds in the Grid community. Please see the question  
below that came up in the TeraGrid security working group in  
response. The language regarding Shibboleth does seem a little  
unclear in the eauth documents. Could someone clarify what they mean?

Thanks,

Von



Begin forwarded message:
> From: Mark Bartelt 
> <>
> Date: March 29, 2006 9:23:19 AM CST
> To: Tony Rimovsky 
> <>
> Cc: 
> ,
>  Von Welch 
> <>
> Subject: Re: [Fwd: [Tagpma-general] Shib approval]

> > > From: Scott Rea 
> > > <>
> > > Date: March 29, 2006 8:19:19 AM CST
> > > To: 
> > >
> > > Subject: [Tagpma-general] Shib approval
> > >
> > >
> > > Please note that Shibboleth is now listed as an approved  
> > > technology for teh US e-Authentication initiative.
> > >
> > >
> > > Please see http://www.cio.gov/eauthentication/documents/ 
> > > SelectApprovedTechnology.pdf and http://www.cio.gov/ 
> > > eauthentication/documents/ShibListing.htm
>
>
>
> Interesting news; however ...
>
> To me it sounds like a bit of a stretch to claim that it's been
> "listed as an approved technology".  The fact that the document
> has an approved-providers list, then goes on to say ...
>
> "Federation Members that may have specific needs that are best
>  met utilizing open source solutions may formally request that
>  E-Authentication grant a waiver to use open source, such as
>  Shibboleth, or a toolkit."
>
> ... followed by an e-mail address to which requests for waivers
> should be sent, suggests that they'll be dealing with this on a
> case-by-case basis, at least initially.
>
> This is hardly the same as being an "approved technology", is it?
> (If it were, why wouldn't they have included it in their list of
> approved providers, and why the need to request a waiver?)