Quick review of previous meetings actions
Action: Matt to find out David Meredith's time at Daresbury. We won't have much of David's time. At the moment we need to get David M involved to flag up the Shibboleth stuff - and then we can be clearer about demands on time later. There's a chance that other people can be used as well. It would be good to invite DM down at RAL to maybe duplicate the portal. Action: Matt or Andy?
IB requirements: David W hasn't talked to Matthew Mascord about the requirements yet - should do this today. Action DW
Oxford IdP: Kang to look at IdP and attributes. Kang has talked to Christian Fernau of the SPIE project at OUCS. But Kang will use his own IdP and join the RAL federation. We can get help from Christian from time to time.
We then discussed how to map the long term DN to the short-term DN and the local Shib Id (attribute).
Wiki: In the process of obtaining an OeRC wiki and the ShibGrid stuff can go there.
Next steps:
Notes from GGF16 (Athens) have been circulated. Mark to circulate ShibGrid BOF stuff [See ShibBOF_notes]
OMII s/w quality. See OMII pages. DW and Andy to contact Steven Newhouse ASAP to discuss this
Requirements: Jens has Diamond requirements doc. Jens will (re-)circulate (See footnote 1). DW to talk to Matthew Mascord.
Project plan - no progress. Action Andrew.
- Kang/DS meeting regularly - Yes! This is happening
Progress to date
David S
Finished code of myProxy changes. And tested extensively. Not public yet as they're still waiting on a CVS server.
Kang
Have a working test IdP, Kerberos SSO - Webauth and LDAP ready for test AA. Next step get the test IdP working with Webauth. After that Oxford IdP needs to join same federation as RAL.
SP at RAL is behind the firewall. Action for RAL folks: Need meeting with network people at RAL to overcome firewall issues.
IdP plans - we could merge later with SPIE. How do we go about that and get the IdP to survive after the project? Mark to talk to Mike Fraser.
[Note from Mark: I've had a brief chat with Mike about this and he (and I probably) is going to set up some briefings and meetings to promote the idea of bringing Shibboleth into production in Oxford. An obvious outcome would be the SPIE IdP moving into real production. Timescales - briefings to possibly begin in early July. The main meeting and decisions are unlikely to be until September, however.]
Also Kang to check with SPIE about AA and Attributes.
Issues
Federation issues
What to do when we go live - do we use JISC's or our own? Should we join with Manchester here? DS to talk to Mike Jones at Manchester to see what their thoughts are? However, there doesn't seem a great problem with having our own federation and then joining the JISC/UKERNA one when the time is right.
shib-proxy-init
We don't think that this work should be done (to provide a command/website that allows power users to do a myproxy logon via Shibboleth). We won't provide command line tools.
NGS registration
We need to edit the web site to get our own page. David M was saying that the portal is going to switch over in the next few weeks to a new version. Therefore, we will produce our own one before moving to the NGS portal later.
Action: DS is going to talk to people about how the NGS user accounts will interact. Re short-term certificates and long term etc. etc.
Lifetimes of generated certificate proxies
Limit to the life-time of the certificate generated from the myProxy server. Some confusion about the delegation length limit - it may be on a server basis or an individual certificate basis.
Action: Andrew Martin to write some thoughts on this (He had planned to do this before this meeting).
We had a discussion about the lifetimes of these proxy certificates. For the prototype we should default to 1Ms (11 days?). The limit is the lifetime of the certificate.
Action: whoever writes up - we should note the issues that there was some debate about that for people without long-term certificates, the generated proxies, should be much shorter term and lower LoA.
Firewall/hosting of WAYF
DS has one already running (but it's behind the firewall). Leave it at RAL at the moment - DS to try to sort out the firewall issues locally. If this fails, then we could move it to (or replicate it at) Oxford.
Mark to send out some dates. AG is free the week of 26 June apart from Monday pm. For the weeks of 19 and 26 June I've (-- MarkNorman 2006-06-01 16:46:20) emailed the AG folks to ask for any time on the 30th as that's the most likely date by the look of it. (Note from Jens 27/05/06) - Diamond requirements: Uploaded to (temporary?) URLs: http://storage.esc.rl.ac.uk/shibgrid/requirements/dls/Req_Security.doc http://storage.esc.rl.ac.uk/shibgrid/requirements/dls/UseCases.doc (1)Next meeting