|
Size: 2703
Comment: incremental changes. saving often because my browser has taken to crashing.
|
← Revision 7 as of 2013-05-17 16:26:45 ⇥
Size: 2895
Comment: converted to 1.6 markup
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 5: | Line 5: |
| Present: Andrew Martin, Kang Tang, Matt Viljoen, David Spence. | Present: Andrew Martin, David Spence, Kang Tang, Matt Viljoen. |
| Line 9: | Line 9: |
| = Notes of Previous Meeting ShibGridMtg9Mar = | = Notes of Previous Meeting = Filed as: ShibGridMtg9Mar |
| Line 13: | Line 15: |
| 1. David Meredith is in this group, working on a shibbolized portal, but based at Daresbury. Line manager Andy Richards. '''Action Mat to find out how much time he will spend on this work.''' |
1. David Meredith is in this group, working on a shibbolized portal, but based at Daresbury. Line manager Andy Richards. '''Action Mat to find out how much time he will spend on this work.''' |
| Line 17: | Line 17: |
| David should be invited to project AG meetings. | David should be invited to project AG meetings. |
| Line 19: | Line 19: |
| 2. Credential lifetimes is a complex issue. Shib credentials are typically one-hour long; poor match for multiple-day proxy certs. etc. The mapping must clearly be subject to some policy. Where does that policy sit? Is it up to the SP to decide? What is Manchester's view? More research is needed. | 1.#2 Credential lifetimes is a complex issue. Shib credentials are typically one-hour long; poor match for multiple-day proxy certs. etc. The mapping must clearly be subject to some policy. Where does that policy sit? Is it up to the SP to decide? What is Manchester's view? More research is needed. |
| Line 21: | Line 21: |
| 3. IB requirements: IB has a portalusing mod_shib Apache plug-in. '''Action: David to contact Matthew Mascord to find out more.''' |
3. IB requirements: IB has a portalusing mod_shib Apache plug-in. '''Action: David to contact Matthew Mascord to find out more.''' = Progress = Kang Tang started at Oxford this week. David has worked on MyProxy and a Shibbolized Proxy upload. Establised a semi-production IdP at RAL. An architecture document describes attributes and how they turn into attributes at DN. Does Oxford IdP issue the same attributes (do names need changing?). Should we set up a simple version for the project? Solving Oxford's IdP issues is out of scope. But we want a near-production facility. '''Action: Kang to investigate.''' == Wiki == Everyone seems happy to use the ESP-Grid Wiki, provided: * either the open access for editing is restricted, or there is good version control, or both. * we establish a better structure for ShibGrid * files can be uploaded. '''Action: Andrew check with Mark.''' == Architecture Document == David has produced an outline architecture and implemented a prototype. A SSO myProxy server is deployed at RAL already. How many myProxy servers are needed? Just one? Logically, you would allow a choice, but we need not bother for now. Organisationally, the myProxy server is part of the NGS, along with the portal. Other services could use it if authorized. You could call out from myProxy to VOMS, and so get role in certificate. This is an optional extra step. |
| Line 25: | Line 48: |
-- David done work on MyProxy shibbolized proxy upload establised semi-production IdP at RAL arch document describes attributes and how they turn in to attributes at DN Action on Kang: IdP in Oxofrd. does it issue the same attributes (do names need changing?) could set up simple version for project not in scope to sort out properly. gsi-ssh no need to talk to Rob. David Meredith is in this group, but based at Daresbury. Line manager Andy Richards. Action Mat to find out how much time to spend on this work. Wiki. Happy to use. check on version control limit edit access?? action APM - talk to mark establish a bit more structure or get a better wiki can files be uploaded ============= arch doc |
= Next Steps = |
| Line 61: | Line 51: |
| 1. We should circulate the meeting notes from GGF15 (Athens); check where we are, relative to other projects. | |
| Line 62: | Line 53: |
| david has a prototype. sso myproxy server deployed at RAL already java-ssh client... |
2. It will soon be time to discuss with OMII about s/w quality. We should also consider making provision for security evaluation. |
| Line 66: | Line 55: |
| === | 3. Getting requirements sorted out and written up is key. |
| Line 68: | Line 57: |
| second use case. benefits of long-lived credentials. | 4. Progress with the project plan is urgently needed. |
| Line 70: | Line 59: |
| === | 5. Kang to start meeting with David regularly. |
| Line 72: | Line 61: |
| myProxy. just one. choose? logically, allow choice, but not bother for now. Organisationally, it's part of NGS, with portal. Other services could use it if authorized. == could call out from myProxy to VOMS. so get role in certificate. optional extra step === notes from GGF to circulate. check where we are relative to other projects === discuss with OMII about s/w quality also with security evaluation ==== getting requirements sorted out and written up is key. ==== aim for first week of may. on AG. === Kang Tang to meet with David from end next week. Thurs? |
Next meeting: aim for first week of may. on AG. |
ShibGrid Project Meeting Notes
12th April 2006 at RAL
Present: Andrew Martin, David Spence, Kang Tang, Matt Viljoen.
[Apologies: I have written these notes up too late. And my browser crashed while I was doing so, loosing one set of edits. As such, they are now a poor record of the meeting. --Andrew]
Notes of Previous Meeting
Filed as: ShibGridMtg9Mar
To note:
David Meredith is in this group, working on a shibbolized portal, but based at Daresbury. Line manager Andy Richards. Action Mat to find out how much time he will spend on this work. David should be invited to project AG meetings.
- Credential lifetimes is a complex issue. Shib credentials are typically one-hour long; poor match for multiple-day proxy certs. etc. The mapping must clearly be subject to some policy. Where does that policy sit? Is it up to the SP to decide? What is Manchester's view? More research is needed.
IB requirements: IB has a portalusing mod_shib Apache plug-in. Action: David to contact Matthew Mascord to find out more.
Progress
Kang Tang started at Oxford this week.
David has worked on MyProxy and a Shibbolized Proxy upload. Establised a semi-production IdP at RAL. An architecture document describes attributes and how they turn into attributes at DN.
Does Oxford IdP issue the same attributes (do names need changing?). Should we set up a simple version for the project? Solving Oxford's IdP issues is out of scope. But we want a near-production facility. Action: Kang to investigate.
Wiki
Everyone seems happy to use the ESP-Grid Wiki, provided:
- either the open access for editing is restricted, or there is good version control, or both.
we establish a better structure for ShibGrid
- files can be uploaded.
Action: Andrew check with Mark.
Architecture Document
David has produced an outline architecture and implemented a prototype. A SSO myProxy server is deployed at RAL already. How many myProxy servers are needed? Just one? Logically, you would allow a choice, but we need not bother for now. Organisationally, the myProxy server is part of the NGS, along with the portal. Other services could use it if authorized.
You could call out from myProxy to VOMS, and so get role in certificate. This is an optional extra step.
Next Steps
- We should circulate the meeting notes from GGF15 (Athens); check where we are, relative to other projects.
- It will soon be time to discuss with OMII about s/w quality. We should also consider making provision for security evaluation.
- Getting requirements sorted out and written up is key.
- Progress with the project plan is urgently needed.
- Kang to start meeting with David regularly.
Next meeting: aim for first week of may. on AG.