Shibboleth Developers

At 9:36 AM -0600 3/29/06, Von Welch wrote:
> The new about the Shibboleth listing as a eauth approved technology 
> is making the rounds in the Grid community. Please see the question 
> below that came up in the TeraGrid security working group in 
> response. The language regarding Shibboleth does seem a little 
> unclear in the eauth documents. Could someone clarify what they mean?

we passed the certification tests in April 2005. As noted in the 
email, we were added to the approved technology list just this 
week....

we asked the same question, and got this response:

> The PMO made a "business decision" that open source and SAML tool kits could
> be used however a special waiver would be required. The issue is simply that
> because an organization is not using a COTS product, it increases the risk
> associated with interoperability.
>
> There are at least 2 federation members currently running with either open
> source or tool kits.

not that I understand the answer -- I think its just as easy to 
mis-configure a COTS product as Shibboleth.

I'd note that this list of approved software applies to sites joining 
the Federal E-Authn Federation, and that, currently, joining that 
Federation requires a site to climb over several significant legal 
hurdles. Top leadership at e-authn has recently changed due to a 
retirement, so requirements may change. But, IMHO, no campus or 
research center would agree to the current requirements.

I'd note that InCommmon and the Federal E-authn Federation are 
currently exploring "inter-federation interoperability". That may 
provide an alternate route for campuses and research centers.