Shibboleth Developers

1-866-411-0013 (toll free US/Canada only)
or 1 -800-392-6130 (alternate toll free US/Canada only)

for callers outside the USA/Canada dial 1-734-615-7474 (not free)

Pin # : 0142203 (NOTE -- this is the usual PIN)

Agenda:

1) Startup
      - Roll call, agenda bash
      - Intellectual Property Rights Awareness: Internet Intellectual 
Property Framework
                (http://members.internet2.edu/intellectualproperty.html)

2) Review of current implementation status

        OpenSAML 2.0 -- any comments or feedback?
        next batch of testshib changes (see below)
        thoughts on latest ShARPE packaging proposal

3)  possible participation in eduGAIN
	-- also, wireless authn + Shib continues to march forward... 
see attached

At 11:52 AM +0100 5/5/06, Tim Chown wrote:
> I think the Athens-Shibboleth gateway work has been well publicised,
> but I thought I'd share a note on some pilot work we're doing over
> the next 3 months as part of the LICHEN project.
>
> As part of some work we did in LICHEN, we've come up with a proposal
> for how the JRS (the JANET Eduroam instance) could have a gateway
> function to Shibboleth.


4) priorities for the Shib 2.0 IdP implementation


-----------  testshib changes  -------

Based on previous notes, and the email thread this morning, I've 
tried to  put together a list of the changes we'd like to see made to 
the testshib-reg application. As you can see, we're trying to very 
hard to simplify the data entry operation, and reduce ways that 
people can fall off the tracks.....

1) include Chad's fix (for forwarding attribute values)

2) remove from the IdP Registration page the "domain name of the 
Identity Provider" field. Currently, this is placed into the 
shibmd:Scope element; instead, default everyone to a value of 
"testshib.org".

3) Condense two fields on the IdP reg page into one (the ones 
labelled "The name for this Identity Provider is" and "The short name 
the WAYF"); place the entered value into both the OrganizationName 
and OrganizationDisplayName elements.

4) The "successful registration" page currently displays the private 
key; change it to also display the self-signed cert. Add text telling 
the browser user to place these values into specific files -- 
key.pem and cert.pem

5) For SP Registration, currently user types in hostname. Ensure 
people can type in hostname:port number.

Change text -- "The virtual hosts or hostnames on which the Service 
Provider will be running (each on its own line)" -- remove virtual 
hosts mention

Change text:
> A single Service Provider may use virtual hosts or hostnames to 
> define multiple ACS's to protect different applications. These are 
> the virtual hosts or hostnames for the ACS's. Examples would be 
> sp.osu.edu or sp.osu.edu:9443/shibboleth-sp The first host defines 
> the default ACS.

A single Service Provider typically refers to a single application 
(or set of applications with identical attribute requirements). An SP 
may span multiple hosts or vhosts. The hostname entered here is used 
to generate url's referring to ACS endpoints on these hosts. Examples 
would be sp.osu.edu or sp.osu.edu:9443. Muultiple hosts can be 
entered on separate lines.

In addition, picking up on Scott's recent suggestion, add non-SSL ACS 
endpoints into the metadata generated for each SP....

6) Currently, the "Raw Metadata" link in the Nav Bar does NOT work; 
this is an install documentation fix (edit pages/header.inc.html to 
include the proper path)

7 -- to think about ) This might be going a bit far afield, but a 
follow-on might be "enter your
installation path", and then spit out shibboleth config files 
containing full paths to the PKI files. A simple shell script with 
some sed commands would handle that quite easily.

Attachment: lichen-report-2a-v03.pdf
Description: Adobe PDF document