shibboleth-dev - SHIB design call -- (5/8/2006) , 3:00 pm est, noon pst
- From:
- To: , "'Teets,Mike'" <>, "'Peter Murray'" <>
- Subject: SHIB design call -- (5/8/2006) , 3:00 pm est, noon pst
- Date: Mon, 8 May 2006 13:51:33 -0400
1-866-411-0013 (toll free US/Canada only)
or 1-800-392-6130 (alternate toll free US/Canada only)
for callers outside the USA/Canada dial 1-734-615-7474 (not free)
Pin # : 0142203 (NOTE -- this is the usual PIN)
Agenda:
1) Startup
- Roll call, agenda bash
- Intellectual Property Rights Awareness: Internet Intellectual Property Framework
(http://members.internet2.edu/intellectualproperty.html)
2) Review of current implementation status
OpenSAML 2.0 -- any comments or feedback?
next batch of testshib changes (see below)
thoughts on latest ShARPE packaging proposal
3) possible participation in eduGAIN
-- also, wireless authn + Shib continues to march forward... see attached
At 11:52 AM +0100 5/5/06, Tim Chown wrote:
I think the Athens-Shibboleth gateway work has been well publicised,
but I thought I'd share a note on some pilot work we're doing over
the next 3 months as part of the LICHEN project.
As part of some work we did in LICHEN, we've come up with a proposal
for how the JRS (the JANET Eduroam instance) could have a gateway
function to Shibboleth.
4) priorities for the Shib 2.0 IdP implementation
----------- testshib changes -------
Based on previous notes, and the email thread this morning, I've tried to put together a list of the changes we'd like to see made to the testshib-reg application. As you can see, we're trying very hard to simplify the data entry operation, and reduce ways that people can fall off the tracks.....
1) include Chad's fix (for forwarding attribute values)
2) remove from the IdP Registration page the "domain name of the Identity Provider" field. Currently, this is placed into the shibmd:Scope element; instead, default everyone to a value of "testshib.org".
3) Condense two fields on the IdP reg page into one (the ones labelled "The name for this Identity Provider is" and "The short name the WAYF"); place the entered value into both the OrganizationName and OrganizationDisplayName elements.
4) The "successful registration" page currently displays the private key; change it to also display the self-signed cert. Add text telling the browser user to place these values into specific files -- key.pem and cert.pem
5) For SP Registration, currently user types in hostname. Ensure people can type in hostname:port number.
Change text -- "The virtual hosts or hostnames on which the Service Provider will be running (each on its own line)" -- remove virtual hosts mention
Change text:
A single Service Provider may use virtual hosts or hostnames to define multiple ACS's to protect different applications. These are the virtual hosts or hostnames for the ACS's. Examples would be sp.osu.edu or sp.osu.edu:9443/shibboleth-sp The first host defines the default ACS.
A single Service Provider typically refers to a single application (or set of applications with identical attribute requirements). An SP may span multiple hosts or vhosts. The hostname entered here is used to generate url's referring to ACS endpoints on these hosts. Examples would be sp.osu.edu or sp.osu.edu:9443. Multiple hosts can be entered on separate lines.
In addition, picking up on Scott's recent suggestion, add non-SSL ACS endpoints into the metadata generated for each SP....
6) Currently, the "Raw Metadata" link in the Nav Bar does NOT work; this is an install documentation fix (edit pages/header.inc.html to include the proper path)
7 -- to think about ) This might be going a bit far afield, but a follow-on might be "enter your installation path", and then spit out shibboleth config files containing full paths to the PKI files. A simple shell script with some sed commands would handle that quite easily.
Attachment:
lichen-report-2a-v03.pdf
Description: Adobe PDF document
- SHIB design call -- (5/8/2006) , 3:00 pm est, noon pst, Steven_Carmody, 05/08/2006
- Re: SHIB design call -- (5/8/2006) , 3:00 pm est, noon pst, Peter Murray, 05/08/2006