Shibboleth Developers

[Ajay Daryanani Arjandas <>]

Hi,


 wrote:
> At 3:31 PM +0100 2/19/08, Ajay Daryanani Arjandas wrote:
> > Hi Steven,
> >
> >
> >  wrote:
> > > can you tell us what "family" of open source licenses the GEANT2 
> > > license was derived from? For instance, if its a GPL derivative, then 
> > > we CANNOT look at your code, without tainting our own project. We use 
> > > an apache2 license... if that helps.
> >
> > Our idea is that it should be similar to an apache2 license, but no 
> > final decission has been taken by the GÉANT2 partners. This is still 
> > being discussed.
>
> unfortunately, until the license situation is clarified, none  of the 
> programmers working on Shib 2 can look at any of the eduGAIN code. 
> Juergen -- if you can help move this  along, that would be immensely 
> helpful.....
>
> > > Also, we're not necessarily looking for a completed finished piece of 
> > > work right now -- rather, we'd be interested in looking at the code, 
> > > to see if it meets the constraints we've been given.
> >
> > I just uploaded eduGAINFilter (just the code) to the GÉANT2 SVN. It 
> > can be found at:
> >
> > http://svn.geant2.net/listing.php?repname=GEANT2%20JRA5&path=%2Ftrunk%2Ffilter%2Fsrc%2F&rev=0&sc=0 
>
> Interestingly, I'm not a Shib programmer, and no one in their right mind 
> would let me near the Shib code -- so I took a look.  ;-)  Looking at 
> the comments in the svn log, I see lots of mention of OpenSAML 2 -- we 
> had no idea you were using our latest code.....

Well, one of the goals in eduGAIN is to support SAML2...

> so... does the eduGAIN filter support the SAML 2 Web SSO profile, with 
> the IdP POSTing a signed and encrypted  authentication response and 
> attributes?

Not yet. The mapping to the SAML2 WebSSO profile is already defined in 
the eduGAIN profiles document (attached), but implementation is pending.

> Does the eduGAIN filter interoperate directly with a Shib v2 IdP ?

If the Shibv2 IdP can also act as a Shib1.3 IdP, the only thing we need 
to do in the filter is extending the validation mechanisms to support 
Shibboleth.

If not, apart from the validation issue, we would need the support for 
SAML2 WebSSO profile.


> I have a copy of the eduGAIN Architecture document that is more than two 
> years old -- is there a more recent copy of that document? Any other 
> interesting documents (eg descriptions of the profiles)?

Please find attached the latest versions of the architecture document, 
as well as the profiles document.

Ajay


--
=============================================
Ajay Daryanani Arjandas
Area de Middleware
RedIRIS / Red.es

Edificio Bronce
Plaza de Manuel Gómez Moreno, s/n - 2ª planta
28020 Madrid

Tel.: 91 212 76 20 (Ext. 5541)
Fax : 91 556 88 64
e-mail: 

jid: 


http://www.rediris.es
=============================================

Attachment: DJ5.2.2.3-GEANT2AAIArchitectureAndDesign-071130.doc
Description: MS-Word document

Attachment: DJ5.2.4-eduGAIN Profiles and Implementation Guidelines-20071130.doc
Description: MS-Word document