|
Size: 2613
Comment: Very rough version
|
Size: 2703
Comment: incremental changes. saving often because my browser has taken to crashing.
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 9: | Line 9: |
| = Notes of Previous Meeting ShibGridMtg9Mar = | |
| Line 10: | Line 11: |
| Meeting in progress... | To note: |
| Line 12: | Line 13: |
| APM | 1. David Meredith is in this group, working on a shibbolized portal, but based at Daresbury. Line manager Andy Richards. '''Action Mat to find out how much time he will spend on this work.''' David should be invited to project AG meetings. 2. Credential lifetimes is a complex issue. Shib credentials are typically one-hour long; poor match for multiple-day proxy certs. etc. The mapping must clearly be subject to some policy. Where does that policy sit? Is it up to the SP to decide? What is Manchester's view? More research is needed. 3. IB requirements: IB has a portalusing mod_shib Apache plug-in. '''Action: David to contact Matthew Mascord to find out more.''' |
| Line 15: | Line 25: |
| reviewed notes Person at Daresbury working on a shibbolized portal. additional to this project? should be invited to AG meetings cert. lifetimes shib = 1hr credential lifetime could get IdP to set up lifetime this is a max lifetime user could theoretically set a shorter one myProxy allows up to the max lifetime is it up to SP to decide what is Manchester's view? where should policy sit? maybe post to shibgrid mailing list IB reqs: IB portal David?? portal using mod_shib apache plug-in David to contact Matthew Mascord |
ShibGrid Project Meeting Notes
12th April 2006 at RAL
Present: Andrew Martin, Kang Tang, Matt Viljoen, David Spence.
[Apologies: I have written these notes up too late. And my browser crashed while I was doing so, loosing one set of edits. As such, they are now a poor record of the meeting. --Andrew]
Notes of Previous Meeting ShibGridMtg9Mar
To note:
- David Meredith is in this group, working on a shibbolized portal, but based at
Daresbury. Line manager Andy Richards. Action Mat to find out how much time he will spend on this work.
- David should be invited to project AG meetings.
- Credential lifetimes is a complex issue. Shib credentials are typically one-hour long; poor match for multiple-day proxy certs. etc. The mapping must clearly be subject to some policy. Where does that policy sit? Is it up to the SP to decide? What is Manchester's view? More research is needed.
- IB requirements: IB has a portalusing mod_shib Apache plug-in.
Action: David to contact Matthew Mascord to find out more.
-- David done work on MyProxy shibbolized proxy upload
establised semi-production IdP at RAL
arch document describes attributes and how they turn in to attributes at DN
Action on Kang: IdP in Oxofrd.
- does it issue the same attributes
- (do names need changing?) could set up simple version for project
- not in scope to sort out properly.
gsi-ssh
no need to talk to Rob. David Meredith is in this group, but based at Daresbury. Line manager Andy Richards. Action Mat to find out how much time to spend on this work.
Wiki. Happy to use.
- check on version control limit edit access?? action APM - talk to mark establish a bit more structure or get a better wiki can files be uploaded
=============
arch doc
david has a prototype. sso myproxy server deployed at RAL already
- java-ssh client...
===
second use case. benefits of long-lived credentials.
===
myProxy. just one.
choose? logically, allow choice, but not bother for now.
Organisationally, it's part of NGS, with portal. Other services could use it if authorized.
== could call out from myProxy to VOMS. so get role in certificate. optional extra step
===
notes from GGF to circulate. check where we are relative to other projects
===
discuss with OMII about s/w quality also with security evaluation
====
getting requirements sorted out and written up is key.
====
aim for first week of may. on AG.
===
Kang Tang to meet with David from end next week. Thurs?