Shibboleth Developers

[Chad La Joie <>]

On 11/28/10 7:31 PM, Tom Scavo wrote:
> Remember that "InCommon" is just another word for a certain subset of
> U.S. higher ed institutions, so any "chunk of change" is going to come
> (indirectly) from those institutions. Moreover, those institutions
> have historically been very willing to apply human resources in lieu
> of $$$ so I hope the "Shibboleth Consortium" is more like an open
> source project in that  respect (and other respects).

Well, two corrections to the above before I try to address what I think 
you were actually trying to get at.  First, according to its website, 
InCommon is a Limited Liability Company with a particular set of 
products that it is selling.  Some HE institutions are InCommon's 
customers.  From what you just said it sounds like your take is that if 
InCommon thinks something is important then its customers should be the 
ones that foot the development bill.  That seems like a backwards 
relationship.

Second, of the around 5-6,000 US HE schools (depending on whose numbers 
you use), I can think of 5 schools that have offered people, and none 
for longer than 12 months.  So claiming that there has been a plethora 
of offers is inaccurate.

Now, as to the development structure of the project, which I think is 
really what you were trying to comment on.  The project will continue to 
accept new people as it has in the past.  The code will continue to be 
controlled by a meritocratic group of developers. Getting in to that 
group will require long term commitments from *individuals* wishing to 
do so and will require the person to develop the necessary skills.  So, 
in short, it works like almost every other widely used open source 
project out there.  It's also how all the current developers came to the 
project.

> As far as the OTP feature is concerned, I can be very specific about
> the desired timeline: We would like to demo a new login interface
> (based on OTP) to our tools at Fall 2011 I2MM.
>
> I can't tell by reading your ProjectPlanning page when IdP version 3
> is due out. What I'm asking is: If the "Shibboleth Consortium" were to
> plan version 3 such that all the required features for OTP were
> available in v3.0, what would it take to develop v3.0 in the given
> time frame. Of course, those features that don't make it into v3.0
> would be systematically scheduled for v3.x (x>  0). In other words,
> it's not merely a matter of money and/or people power (which you know,
> of course), it's planning for the features you want, when you want
> them.

As far as I know, none of the initial "founders" of the Consortium have 
yet signed any documents truly committing funding, therefore, it would 
be impossible to give any timelines.  However, I feel fairly safe in 
saying that v3 will not be ready for general usage by Fall 2011.

Now, that said, it might still be possible to demonstrate something like 
the OTP extension, in that time.  It would require some one to do the 
work on the OTP extension (this would be a good first step in the 
process described above).  If it was known sooner rather than later that 
some person was committed to this work I'm pretty sure I could adjust 
the IdPv3 development schedule to make sure that at least a 
demonstration could be made.

--
Chad La Joie
http://itumi.biz
trusted identities, delivered