Higgins dev call on February 12, 2009
Attendees
* Brian Carroll - Serena
* Andy Hodgkinson - Novell
* Mary Ruddy - Meristic
* Paul Trevithick - Parity
* Brian Walker - Parity
* Markus Sabedello - Parity
* Jim Sermersheim - Novell
* John Bradley
* Gene Gotimer - Privo
* Mike Jones - Microsoft
Time: noon EST
Dial-in: 1-866-362-7064 / 892048#
Agenda
1. [Brian] 1.1M6 - targeted for February 27
- See http://wiki.eclipse.org/Higgins_1.1M6 for current list
- 1.1 Milestone planning http://wiki.eclipse.org/Higgins_1.1_Plan
- [BrianW] No new news. Still need contingencies on this. Don’t have confirmation that some of the items will be ready by then. We have 6 items targeted. Some of them are very close. Need to get validation that they will be done in this time frame. Stay tuned. We will continue to iterate on the items.
2. [Brian, Alexander, Andy] Selector Architecture Harmonization
- Phase I update
- CardSync [1] protocol work is progressing
- [BrianW] No major updates to wiki over last week.
- [Andy] I’ve been looking at the card store interface on the selector. In order to support the protocol and caching work we want to do, I found that I needed to add a couple of things to the current interface – a cipher and a credential. If you are accessing something in the cloud you have to authenticate. As part of that investigation I looked at Amazon’s S3. The credential passed down is something generic. In addition to the file system store that we have now, could have a provider that goes to S3 or another cloud service. All of that code is checked in.
- [BrianW] Great.
- [Paul] You said before that you broke the code into several projects?
- [Andy] Yes…
- [Paul] At some point we need to update the solution and components pages.
- [Andy] Yes, I agree. Have that on my to-do list.
- [Paul] Don’t delay.
- [Paul] You already have designed the cardstore to be multi-process, multi-threaded?
- [Andy] We have an ISAM database engine. It is set up to run as a service or embedded in a process. And it can support multi-process or multi-threaded access to a database. When Alexander is ready, we will look at what it will take to synchronize to the local cache…. not as fast to go directly to the cloud as to the cache, but we could bypass the cache if we wanted to. Will have local listener that will take initially REST, and ultimately XML.
- [Paul] API different on cardstore and wire?
- [Andy] Is easy to plug in a different provider with a totally different protocol…So then can speak the protocol that Alexander is designing.
3. [Gene] Feedback on Higgins documentation
- Feedback from Privo's attempt to use Higgins.
- [Gene] Documentation isn’t there. What I was looking for pointed to Bandit and Higgins code… piece for us to act as an identity provider and a trusted party. What I was looking to do was to integrate it as a set of code to call. I already had the database, but I couldn’t figure out how. I was looking for one jar to use. I was using Spring…. Without doc and since Higgins has lots of libraries, it was hard to figure out where to look.
- [Paul] We package the code into different solutions. One is the RP site enablement. Did you look at that?
- [Paul] The WS-Trust IdP has an example of it running.
- [Gene] I saw those and the token service build instructions. But it was too confusing. A lot of the libraries seemed to need to run as a service beside my code. I was looking for something to plug in and have my service answer the calls.
- [Paul]….
- [Gene] Right.
- [Paul] It does have an STS – designed as a standalone service that is customizable. It has a UI where you create an account and generate an account. It has configuration files to control how it would look.
- [Gene] I ran into this as well. It was its own UI. Even just tying into our data source, I couldn’t figure out how to do it…
- [Paul] Definitely not packaged for that.
- [Jim] The Bandit IdPs are skinnable and modifiable. And replaceable.
- [Gene] They were skinnable, but I already had a website. I wanted to plug info-cards in. Even having a separate UI that was skinned was not desirable. Tying into data source wasn’t straightforward. Wanted it as service that didn’t have a UI or code to run. I wanted to tell it how to grab data from my data source. That would have been my preferred solution.
- [Jim] Does your data source contain info-cards?
- [Gene] Database through Hibernate JDBC. If I could have gotten to the hook in Java .. I could have done it.
- [Jim] That is IdAS. We don’t have a JDBC context provider. But there is an IdAS set of interfaces and a factory to build out classes… Basically what we would need to do is figure out the fastest way to build a JDBC context provider in front of that on the UI side.
- [Jim] Need to make it so that it is deployable.
- [Gene] I’m looking through the IdAS context providers on the component list. I see where there is a link to the interface. What I don’t see is exactly what I’m trying to implement. Is it the entity container? This is where I got lost. It isn’t clear that this is where you tie in.
- [Jim] We need to document coming in through multiple angles.
- [Gene] Was thinking of a JDBC or Hibernate one. Got hung up on just what needed… common registry and UDI… It wasn’t clear where to start and what pieces I need. Need a context provider implementer’s guide.
- [??] This sounds like something we talked about doing.
- [Mary] I remember talking with Jim about this a long time ago. I don’t think we did it.
- [Jim] I don’t see anything either. That is something definitely missing.
- [Gene] I just came across the IdAS use cases page. But there is no meat behind that.
- [Gene] That would have been the piece I needed.
- [Jim] I’m making a note of that and will talk to Dale about it. What is your interest level? We could spend a few hours and talk through it. I would have to find out what resources would have to be involved. JDBC and Hibernate would be valuable.
- [Gene] From my point of view a non-generic JDBC one would have a lot of value.
- [Gene] JDBC is one I already know.
- [Jim] Andy Dale at ooTao did exactly that. They wrote a specific JDBC context provider. I don’t know what its license is.
- [Mike] If it is part of linesave it is. That is open.
- [John] It isn’t.
- [BrianW] On the Parity side, we did a Hibernate one, but can’t check it into Eclipse.
- …Discussion of how it would help if Gene could look at this code….
- [Jim] I will bring this up with Andy Dale to see what we can do to get a resource to work with you on that.
- [Gene] Ok.
- [Mike] I will start looking into where the source code is.
- [John] Question is where it would go. Can’t go into Higgins because it is Hibernate.
- [Mary] So we now have two Hibernate CPs that we can’t put into Higgins.
- [Paul] The issue is that we can’t redistribute Hibernate. Can’t include a jar that relies on an external dependency. That would prohibit the nightly build from running.
- [Mary] Hibernate is LGPL so we can’t put it into Higgins itself. I can try to push back on getting an exception for putting the CP(s) in.
- [John] I will talk to Andy about this.
- [Paul] We could have links to SourceForge.
- [Mary] Yes.
- [John] Our CP [The Andy Dale Hibernate CP] was also specific for a demo, not useful to all things for all. But it is useful as a reference.
- [Gene] JDBC is something that I’m familiar with, so it is a good anchor.
- [John] Send me an email with contact info and I can put you in contact with Andy.
- [Paul] It is also true listening to Gene, he might prefer to have him implement that interface in his own code.
- [Paul] One thing, that would take only 5 minutes, is to add on the wiki page a one line link.
- [Jim] This is really good feedback.
- [Paul] If you look at the new format components pages, there is a chance for every package to be a wiki page. They can be [just] a paragraph or two. Something is better than nothing.
- [Jim] My last day at Novell is tomorrow. Any future Higgins work I do is charity. I do think doing work to this end is worthy. So I will try to get some stuff out there. I don’t know how long lasting my effort will be.
- [Paul] Maybe we should move on to the next topic.
- [Mike] Mike and Gene thank you and sign out.
4. [Paul] Component renaming
- Results of the new poll for new name for Web Proxy is here [2].
- New winner is I-Card Proxy. Thoughts?
- New name
  - Results of the new poll for new name for Web Proxy is here [2]
  - New winner (10 votes) is Identity Proxy or Web Selector (TIE)
- Security concerns
  - Accessing from iPhone — is there a way to tie access to the phone?
  - Accessing from web browser — should we add another factor? Or perhaps have the I-Card Service support multiple accounts with different levels of access (e.g. only allow access to some cards but not all).
  - Android and other platforms: do they allow browser add-ons?
- [Paul] Doesn’t anyone have new…
- [Markus] I’m here.
- [Paul] From the point of view of an iPhone – no way to tie it to a particular phone?
- [Paul] Any iPhone? Have you thought through from a security perspective on the phone? If you know the username and password you can get to the cards.
- [John] Or if you redirect the person to a phishing site…
- [Paul] Even when we had a web-based card selector we didn’t allow you to log into it for that reason.
- [Markus] ..Yah.
- [Paul] When we support the serialized selector, would the iPhone be possible…
- [Paul] So there is nothing different about the iPhone. It is just a web browser.
- [John] So far Apple doesn’t provide access to any of the underlying crypto.
- [Paul] That is the root of my underlying question. It doesn’t allow plugins. Symbian does.
- [John] Android allows.
- [Mary] RIM allows.
- [John] I think plug-ins are Java on Symbian.
5. [Mary] Higgins white paper
- Next steps for completing the draft, and volunteering for sections.
- [Mary] Hank is traveling this week. He asked me to see if we had any more volunteers for writing sections.
- [Paul] To be honest, I looked at it and realized that wow, this is a lot of work. It is a good idea to break it up. I will look again and volunteer.
- [Mary] Thanks.
- [Mary] Anything else?
- [Paul] One thing we could do. Markus wrote the code, and we had a tie. [So he should get to break the tie.]
- [Markus] Web selector.
- [No objections]
- [Paul] We’ll go ahead and change the wiki and rename again.
- [Paul] Thanks again. Will do it again next week.
[1] http://wiki.eclipse.org/Selector_Architecture_Harmonization#Card_Sync_Protocol
[2] http://selectricity.org/quickvote/webproxy2/results