Shibboleth Developers

[Keith Hazelton <>]

Members of Shib-Dev, MACE-Dir and/or the EDUCAUSE IdM group are warmly invited to join this special call.  We will begin exploring ways to incorporate OpenID into our AuthN services. The aim is to develop and promote common practices and, where possible, advocate for best practices for use cases in which both SAML 2.0 federated approaches and protocols such as OpenID may be appropriate.  A message sent to potential use case contributors is included below to provide additional background.

See use cases at: https://spaces.internet2.edu/display/OpenID/Use+Cases

1) Startup
- Roll call, agenda bash
- Intellectual Property Rights Awareness: Internet Intellectual Property
Framework (http://www.internet2.edu/membership/ip.html)

2)  Start to identify common sets of requirements from the collected use cases

3) Build a list of approaches to be evaluated

4) Begin to sharpen the problem statement and the scope definition

5) Identify and assign next steps

----------------------------

+1-734-615-7474 PREFERRED (from any phone where Long Distance calling has no add'l cost over local or 800 calling, e.g., cell phones or callers with fixed price LD plans)

+1-866-411-0013 (US/Canada Only and only if above 734- number costs user more than 800/866 calls; this number costs Internet2 substantially more than above 734 number and should be avoided if possible)

Pin # :  0109044

 http://edial.internet2.edu/call/0109044 for dialout in US

 SIP-based:
   Connect directly:
   sip:

_________________

Hi,

I'm writing on behalf of Keith Hazelton (chair of the mace-dir working group) and myself (Shibboleth Project Manager). All of you have recently mentioned or described work that you've undertaken (or are about to start) related to allowing people to authenticate with OpenID and then access Service Provider sites on your campuses. Last week, Peter triggered a very interesting discussion on the mace-dir email list about one family of issues in this space. Some of the people participating in Peter's thread mentioned protocols in addition to OpenID.

Keith and I are writing because we think this is the appropriate time to start a larger discussion around the topic of "how to do this well". We're particularly aware of Scott Cantor's warning about "avoiding the chaos" that would result if we see a wide variety of approaches deployed in different environments. We expect to see a growing number of sites seeking to do this, and we'd like to have the "best practices" discussion sooner rather than later. We're committed to trying to achieve consensus around common approaches; at this point, neither of us is committed to any specific approach. We doubt that we'll see consensus around a single approach to some issues (eg the gateway vs native implementation question); however, we would like to see consensus on the issues that are most relevant to application developers and browser users.

We both feel that there's a range of issues that need to be addressed; we also think that the issues sit astride both these working groups (and go even further, including other SAML SP implementations). Once there's consensus around a problem definition and requirements, we expect various groups to begin working on those problems that sit more directly within the scope of their charter. For now, though, we'd like to encourage a larger group to discuss the larger problem, before we start narrowing the scope to individual discussions.

As an outcome of this process, we would like to see consensus on approaches to the various problems and issues within this space,so that users, deployers, and application developers would be able to see and depend on some commonality.

We'd like to:

1) invite you -- no, make that "strongly encourage you" -- to submit your use cases to the discussion. All of you have clearly been thinking about this problem space, so we're hoping this will not be a burden. We'd encourage you to keep individual use cases as simple as possible, and to submit as many use cases as you feel you need to in order to describe the problems you face. Feel free to be explicit about which protocols you think you will need to be supported for your use cases.

Please add them to this wiki space:

https://spaces.internet2.edu/display/OpenID/Use+Cases

You will need to authenticate to the spaces wiki in order to edit that page. If you're not already a user of spaces, there is some information available here:

http://middleware.internet2.edu/docs/internet2-spaces-instructions-200703.html

If you don't have the time to wade through that process, email your Use Cases to me, and I'll add them.

Note that this is the time to get your Use Cases included in the discussion; 3 months from now may be too late.

2) use next monday's regularly scheduled Shibboleth Status Conference Call (12/13, 12 noon est) to host an initial conference call, and invite a broader group to join that discussion. We will be posting an announcement to the mace-dir list inviting that community to this call; we will also probably post an announcement to the Educause IDM list. Please forward the announcement to people you know who would be interested in participating.

We'd like to use that call to 1) start to identify the common requirements, 2) identify a list of directions among which we have to choose, and 3) start on a crisper statement of the scope of the work.

At the end of that call, we'd like to identify a set of next steps.

We expect to see participation spanning from Central European Time to Pacific Standard Time. We apologize in advance for any scheduling difficulties that a 12 noon est time creates for people.

3) encourage you to participate in the various discussions that spring from the initial conversations.

Thanks for "volunteering" !