Quick review of previous meetings notes
Action: Matt to find out David Meredith's time at Daresbury. We won't have much of David's time. At the moment we need to get David M involved to flag up the Shibboleth stuff - and then we can be clearer about demands on time later. There's a chance that other people can be used as well. It would be good to invite DM down at RAL to maybe duplicate the portal.
IB requirements: David W hasn't talked to Matthew Mascord about the requirements yet - should do this today.
Oxford IdP: Kang to look at IdP and attributes. Kang has talked to Christian Fernau of the SPIE project at OUCS. But Kang will use his own IdP and join the RAL federation. We can get help from Christian from time to time.
Had a discussion about how to map the long term DN to the short-term DN and the local Shib Id (attribute).
Wiki: In the process of having OeRC wiki and ShibGrid stuff will be there.
Next steps:
Notes from GGF16 (Athens) have been circulated. Mark to circulate ShibGrid BOF stuff
OMII s/w quality. See [http://www.omii.ac.uk/contribution/submission_standards.jsp OMII pages]. DW and Andy to contact Steven Newhouse ASAP to discuss this
- Requirements: Jens has requirements doc. Will (re-)circulate. DW to talk to Matthew Mascord.
Project plan - no progress. Action Andrew.
- Kang/DS meeting regularly - Yes! This is happening
Progress to date
David S
Finished code of myProxy changes. And tested extensively. Not public yet as they're still waiting on a CVS server.
Kang
Have a working test IdP, Kerberos SSO - Webauth and LDAP ready for test AA. Next step get the test IdP working with Webauth. After that Oxford IdP needs to join same federation as RAL.
SP at RAL is behind the firewall. Action: Need meeting with network people at RAL to overcome firewall issues.
IdP plans - we could merge later with SPIE. How do we go about that and get the IdP to survive after the project? Mark to talk to Mike Fraser.
Also Kang to check with SPIE about AA and Attributes.
Issues
Federation issues
What to do when we go live - do we use JISC's or our own? Should we join with Manchester here? DS to talk to Mike Jones at Manchester to see what their thoughts are? However, there doesn't seem a great problem with having our own federation and then joining the JISC/UKERNA one when the time is right.
shib-proxy-init
We don't think that this work should be done (to provide a command/website that allows power users to do a myproxy logon via Shibboleth). We won't provide command line tools.
NGS registration
We need to edit the web site to get our own page. David M was saying that the portal is going to switch over in the next few weeks to a new version. Therefore, we will produce our own one before moving to the NGS portal later.
Action: DS is going to talk to people about how the NGS user accounts will interact. Re short-term certificates and long term etc. etc.
Lifetimes of generated certificate proxies
Limit to the life-time of the certificate generated from the myProxy server. Some confusion about the delegation length limit - it may be on a server basis or an individual certificate basis.
Action: Andrew Martin to write some thoughts on this (He had planned to do this before this meeting).
We had a discussion about the lifetimes of these proxy certificates. For the prototype we should default to 1Ms (11 days?). The limit is the lifetime of the certificate.
Action: whoever writes up - we should note the issues that there was some debate about that for people without long-term certificates, the generated proxies, should be much shorter term and lower LoA.
Firewall/hosting of WAYF
DS has one already running (but it's behind the firewall). Leave it at RAL at the moment - DS to try to sort out the firewall issues locally. If this fails, then we could move it (or replicate it) to Oxford.
Next meeting
Mark to send out some dates. AG is free the week of 26 June apart from Monday pm.