From:
higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jim Sermersheim
Sent: Wednesday, December 13, 2006
7:44 PM
To: higgins-dev@xxxxxxxxxxx
Subject: Re: [higgins-dev] Demo
post-mortem
FWIW, I put these
here and
took the liberty of assigning some names to tasks (still need owners for a few)
>>> "Jim Sermersheim" <jimse@xxxxxxxxxx> 12/8/06 3:57
PM >>>
- STS
Configuration (https://bugs.eclipse.org/bugs/show_bug.cgi?id=163618).
The bug doesn't say anything else, but I think it has to do with how the STS is
configured to do things like: - insert a claim mapper between itself and the
IdAS CP (dependency on claim mapping task below), possibly include a
list of allowed CP's, etc.
- Name
mappings. We used full DN values from the groupMembership. Should
have been simple (mapped) names.
- Update operations in IdAS instead of PHP LDAP. All the update
operations on the RP use PHP LDAP instead of IdAS.
- Location of
dependency libraries. We had some in the STS deployment lib directory,
and others in the Tomcat shared lib. We need a methodology for deciding
where to locate these.
-
BasicDateTimeValue couldn't be used because of some fishiness with the time
zones. Duane has the details.
- Verify that
Mike's latest STS code is in, and we can build and deploy ourselves.
- Check in fixes
to card generator to Higgins.
Separate from form ui
- Empty/missing
claim (on forum)
- LDAP CP should
support any URI as the context ref (i.e. http)
>>> "Jim Sermersheim" <jimse@xxxxxxxxxx> 12/7/06 5:47
PM >>>
I suggested that
we do some kind of post-mortem evaluation of the work done to get the demo
working so we avoid letting things fall through the cracks.
Probably the best
thing to do is get everyone's feedback and then create a task list
or create bugzilla items for each.
The Novell team
will meet tomorrow afternoon to come up with a list from our experience, so
look for the results of that later. Until then, a few I can think of off
the top of my head include:
- CardID to
context mapping. We ended up making the CardID equal the
contextRef. It looked like this: file:///<some path
on the IdAS machine to a config file>?<some identifier inside the config
file representing a context>. There's already a bug for this (https://bugs.eclipse.org/bugs/show_bug.cgi?id=163366).
It would be nice if we could come up with something a little more abstract so
we're not putting something as brittle and revealing as a local filename
- Claim/Attribute
mapping. We ended up making the LDAP CP emit attributes which are named
just like cardspace claims... We'd like to do this via configuration, or
possibly a mapping CP, or something like that.
- STS builds are
still not quite up to snuff -- see recent list traffic.
I can see there
are a lot of others now that I look around, I have to run for the evening so
I'll pick back up in the AM.