[higgins-dev] Notes from 1.11.2007 Higgins weekly call

Attending
---------
Mike, Daniel, Andy, Tom, Jeff, Duane, Brian, Mary, Abhi, Jim, Paul, Tony,
Uppili 

This week's special topic: Discussion of using one card to auth to another
card's IdP
------------------
Very rough notes. Lots of errors and omissions. Sorry...
...
Daniel: Mike, we're accepting at the STS un/pw that the user types in. We'd
like to support the Self signed SAML as well. The way the STS is opening the
context provider is by passing the UN/PW (with LDAP bind) to the context
provider. The problem with Self signed SAML is that we don't have a way for
the STS to pull a subject out of it.
Jim: My understanding is that PPID and public key would be available (if
true). We will bind to the user as Least Privileged User and find the user
that has those attributes. So that CUID we'd return from the open. And get
attributes from that DS. 
Mike: Say that again, what are the two attributes? 
Jim: Take the PPID and public key (these are claims from the token)
Mike: We have to get the STS to behave like an RP --I need to figure out
what the policy is to do that
Daniel: the policy needs to specify an endorsing token. I have the
CardSpace guide...
Mike: I probably do have it too
Daniel: Do you have an XML file that sets your policy, could we stick this
in that file?
Mike: I'm in the process of fixing that right now. Right now that file
contains a bunch of EP URIs.
Daniel: You probably want two policy alternatives
Mike: I think you can put two policies in the same file. You can have a
policy that says you can provide tokens for all four token types. 
Daniel: I think you can (wsp:all token)
Daniel: we're anxious to try this ASAP. Mike could this fit into my
priorities. I'm working on many things. Here's another possibility...
Yesterday you started work to put your latest STS out there. But then
perhaps we could with some coaching from you. Would that work?
Mike: I need to get back to you. I only got a little further since I talked
to you.
Jeff: I have a working MSFT STS source code. MSFT provided the beginnings to
work on it. I could also look at what the RST looks like. 
Daniel: I'd be interested in it
Jeff: It came from one of the community previews. I have everything running
within a vmware image I could
Dale: let's look at the CTP agreement first.
Jeff: It has everything in an internal vmware image.
Mike: one last technical question Jim: I'll need the latest IDAS and the
latest CP 
Mike: How are you going to register this information?
Daniel: We've extended the schema in our LDAP provider with 2 new
attributes. When you create the managed card, you will select a personal
card that has the auth mat for the managed card. 
Mike: this won't work: the PPID and public key are generated from the
masterkey and the URI. 
Daniel: 1st select a self-issued card for auth. That brings back the
PPID, then you go request it to build you a managed card and it builds you a
managed card. We can generate a card that can do this. 
Jeff: Trouble is, if you delete the self-issued card, the managed card
becomes useless

General Items
-------------
Paul:  We need to work more on the agenda for the F2F meeting this week.

Abhi: ISS and the policy components, at the end of the week; internally
we'll create some unit tests; starting work on HBX. 

Mary: Abhi have they asked you any more questions? 

Abhi: It is still in IP triage. 

Jim: there are a number of components list that I don't know where they are.


Jim: one problem either add something that is a link to a status page or
have a common template--each has a todo list. 

Mike: provide a guide for each component owner. So that they can update
component status.

Paul: I'll work on a template for a component status page with a summary and
bugzilla list, etc.


Next Action Items
-----------------
Daniel: document use case from today's special topic

Mary: check into getting vServer for the RSS test service  - answer, can put
this on our existing vServer

Paul(and Mary): to work on an updated wiki template so that more status
information is provided for each component.  Make it easier to see progress
and activity.  

ALL: Flesh out the Agenda for the F2F meeting and pre meeting.







