
shibboleth-dev - SHIB Status call -- 8/11/2008) -- 12:00 pm EDT, 9 am PDT

Subject: Shibboleth Developers

  • From: Steven Carmody <>
  • To:
  • Subject: SHIB Status call -- 8/11/2008) -- 12:00 pm EDT, 9 am PDT
  • Date: Mon, 11 Aug 2008 11:26:31 -0400

Agenda:

1) Startup
- Roll call, agenda bash
- Intellectual Property Rights Awareness: Internet Intellectual Property
Framework (http://www.internet2.edu/membership/ip.html)

2) Quick items...
-- email lists
-- how to deliver personal infocard keyinfo to app?

3) status updates, Shib 2.1 implementation
- status -- SP has shipped....

4) Discussion items
-- notes on consent release, from last discussion (pasted in below)

5) Other items?

--

-------------------------


1-866-411-0013 (toll free US/Canada only)
or 1-800-392-6130 (alternate toll free US/Canada only)
for callers outside the USA/Canada dial 1-734-615-7474 (not free)
Pin # : 0142203

http://edial.internet2.edu/call/0169439 for dialout in US

SIP-based:
Connect directly:

sip:
or via Free World Dialup to 4233425 ("I2eDial") and
enter 0142203


-------------------------

notes from discussion of Attribute Consent release

-- trying to create consent for cases we can't currently address; not looking to add consent to existing use cases

-- for cases that would traditionally be handled by OpenID, but no OpenID sites currently support attributes (Scott's OpenID case)

Consent triggered if:

-- on default ARP? and on specific attributes, add a new match function (ok the release if the requesting SP is asking for this attribute, either in the metadata or in the AuthN Request)

-- the RULE for such an ARP would be ANY (would always run)

-- ? no rule set up in advance for this site

-- this creates an extremely promiscuous IdP; however, configuring in the ARPViewer means that users would have to approve the release of this attribute

-- don't tell users about attributes they don't have control over (eg entitlement) (ARPViewer already has such a blacklist)

-- have a list of SPs you don't want consent triggered for

Notes:

-- it may be very hard to explain some attributes to users (eg epTID)

chad -- currently, for every SSO request
consent to terms of use (first time you access the IdP and successfully authN)
consent for release of attributes (when you go to a new SP, or the attr/values being released to that SP have changed) (also has a "remember this" box)
info stored in a DB
also have GUIs to manage "preferences"
also has xml filesystem backed store, instead of DB
based on abstract attr info -- not on protocol specifics
works with PUSH only

ArpViewer pops up a jsp page -- explore what other info could be templated into the page --

scott talking about eppn, email, maybe Aff (stuff you'd find in a typical CS card, or self-assert to a web site) - simple common attributes
-- PN also does this (with the same set of attributes)
this set may map initially to these to sites where CS would be applicable

CONSENT mech could ALWAYS be configured as required for a certain SP
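
Added example (not part of the original message, and not Shibboleth or ArpViewer code): a sketch of the consent trigger the notes describe, prompting for a new SP or when the released attributes/values change, while skipping hidden attributes and exempt SPs. The class, function and constant names, the SHA-256 fingerprint, the entityIDs and the exact "remember this" behaviour are all assumptions.

```python
import hashlib
import json

# All names below are assumptions for illustration, not Shibboleth or ArpViewer APIs.
HIDDEN_ATTRS = {"eduPersonEntitlement"}  # attributes users have no control over
NO_CONSENT_SPS = {"https://intranet.example.edu/shibboleth"}  # constructed entityID


def _visible(attrs):
    """Drop attributes that are never shown to the user."""
    return {k: v for k, v in attrs.items() if k not in HIDDEN_ATTRS}


def fingerprint(attrs):
    """Stable SHA-256 digest over attribute names and (sorted) values."""
    canonical = json.dumps({k: sorted(v) for k, v in attrs.items()}, sort_keys=True)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


class ConsentStore:
    """In-memory stand-in for the DB or XML file store from the notes."""

    def __init__(self):
        self._approved = {}  # (user, sp) -> fingerprint of last remembered release

    def needs_consent(self, user, sp, attrs):
        if sp in NO_CONSENT_SPS:
            return False  # SP is on the "don't trigger consent" list
        visible = _visible(attrs)
        if not visible:
            return False  # nothing the user could decide about
        # Prompt for a new SP, or when names/values differ from the remembered set.
        return self._approved.get((user, sp)) != fingerprint(visible)

    def record(self, user, sp, attrs, remember):
        """Store an approval only if the user ticked "remember this"."""
        if remember:
            self._approved[(user, sp)] = fingerprint(_visible(attrs))
```

Keying the stored approval on a digest of the visible attribute set means a change to a hidden attribute such as entitlement does not re-prompt the user, while a changed mail value does.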



