shibboleth-dev - Re: [Shib-Dev] IdP One Time Password SMS Authentication
Subject: Shibboleth Developers
List archive
- From: Chad La Joie <>
- To:
- Subject: Re: [Shib-Dev] IdP One Time Password SMS Authentication
- Date: Sun, 28 Nov 2010 20:41:04 -0500
- Organization: Itumi, LLC
On 11/28/10 7:31 PM, Tom Scavo wrote:
Remember that "InCommon" is just another word for a certain subset of
U.S. higher ed institutions, so any "chunk of change" is going to come
(indirectly) from those institutions. Moreover, those institutions
have historically been very willing to apply human resources in lieu
of $$$ so I hope the "Shibboleth Consortium" is more like an open
source project in that respect (and other respects).
Well, two corrections to the above before I try to address what I think you were actually trying to get at. First, according to its website, InCommon is a Limited Liability Company with a particular set of products that it is selling. Some HE institutions are InCommon's customers. From what you just said it sounds like your take is that if InCommon thinks something is important then its customers should be the ones that foot the development bill. That seems like a backwards relationship.
Second, of the around 5-6,000 US HE schools (depending on whose numbers you use), I can think of 5 schools that have offered people, and none for longer than 12 months. So claiming that there has been a plethora of offers is inaccurate.
Now, as to the development structure of the project, which I think is really what you were trying to comment on. The project will continue to accept new people as it has in the past. The code will continue to be controlled by a meritocratic group of developers. Getting in to that group will require long term commitments from *individuals* wishing to do so and will require the person to develop the necessary skills. So, in short, it works like almost every other widely used open source project out there. It's also how all the current developers came to the project.
As far as the OTP feature is concerned, I can be very specific about
the desired timeline: We would like to demo a new login interface
(based on OTP) to our tools at Fall 2011 I2MM.
I can't tell by reading your ProjectPlanning page when IdP version 3
is due out. What I'm asking is: If the "Shibboleth Consortium" were to
plan version 3 such that all the required features for OTP were
available in v3.0, what would it take to develop v3.0 in the given
time frame. Of course, those features that don't make it into v3.0
would be systematically scheduled for v3.x (x> 0). In other words,
it's not merely a matter of money and/or people power (which you know,
of course), it's planning for the features you want, when you want
them.
As far as I know, none of the initial "founders" of the Consortium have yet signed any documents truly committing funding, therefore, it would be impossible to give any timelines. However, I feel fairly safe in saying that v3 will not be ready for general usage by Fall 2011.
Now, that said, it might still be possible to demonstrate something like the OTP extension, in that time. It would require some one to do the work on the OTP extension (this would be a good first step in the process described above). If it was known sooner rather than later that some person was committed to this work I'm pretty sure I could adjust the IdPv3 development schedule to make sure that at least a demonstration could be made.
--
Chad La Joie
http://itumi.biz
trusted identities, delivered
- [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, RL 'Bob' Morgan, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, RL 'Bob' Morgan, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Paul Hethmon, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/29/2010
- RE: [Shib-Dev] IdP One Time Password SMS Authentication, Peter Williams, 11/29/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Tom Scavo, 11/28/2010
- Re: [Shib-Dev] IdP One Time Password SMS Authentication, Chad La Joie, 11/28/2010
Archive powered by MHonArc 2.6.16.