Notes
for Higgins dev call – July 23, 2009
Attendees
·
Mary
Ruddy - Meristic
·
Markus
Sabedello – Harvard Law Lab
·
Paul
Trevithick - Azigo
·
Brian
Walker - Azigo
·
Hank
Mauldin - Cisco
·
John
Bradley
·
Elmar
Beck
Logistics
Time: Thursday, noon Eastern
Dial-in: 1-866-362-7064 / 89-2048#
AGENDA
1) [Brian] HIGGINS 1.1M7 TRACKING
- M7
is targeted for August 7: Go to [1], click on “All 1.1M7
items” link
- All
items are now in bugzilla, currently 15 are open
- [Brian]
For the M7 status, last week we moved the target date to August 7. The
long lead items are related to CardSync. We are finishing those up. The
local cache has been completed and checked-in, and have run internal test
build. Valery and Alexander are actively working on Card Sync and have
that targeted for completion by end of July. I’m still following up
on the GTK selector 1.1 Windows items. The HSS version checked in on
Sunday needs another iteration that will include a combination of the
other connectors and support for the external connectors that Elmar
needs. Also need to update the wiki page also. The final piece associated
with that is to make sure we have a reasonable amount of documentation on
the GTK Windows version.
- [Paul]
Brian is there any reason we can’t implement the prototype now?
- [Paul]
I or Mary could do that.
- [Brian]
There is a link on M7, we could add it.
- [Mary]
We can do that.
- [Paul]
If you click on the mockup you come to the page and it says mockup. It
should say downloads. The mockup is more correct than the current page.
- [Brian]
the other thing is some of the links on the cloud sector are broken, but
all those pages exist or they could be fixed. The owners are also wrong.
- [Paul]
I think we are going for perfection, when we should just fix the page and
gradually improve it. It is so much better than what is there.
- [Mary]
Or I should do this in version 2, and check it. Then it is very quick to
move it to production, and we can publish it.
- [Paul]
I’m a little concerned that the number of open items isn’t
going down. It nice to knock some things off the list.
- [Brian]
I will update the tickets.
- [Brian]
The other thing that was discussed last week was Google Android. Do we
want to add it to the solutions page?
- [Paul]
It is not really a selector, but it is most like a selector. We
don’t want to create a new category. We should just add it to the
Higgins 1.1 plan under selectors.
- [Brian]
We can check in the existing page.
2) [Elmar Eperiesi-Beck (Corisecio) & Jeesmon] HIGGINS SELECTOR SWITCH
UPDATES
- Any
updates? Issues?
- [Elmar]
Thanks for the work on the new sync stuff. We just downloaded it. We had
some issues on the download. It took 10 hours for the download. Still
have some build errors and some link errors. We sent some mail around, so
we should use some help on some small flags we need to set on the compiler
settings. In parallel we started developing the connectors. Plan to have everything
up and running in a couple of weeks, then we can start the legal review,
coordinating with Mary. In parallel we will do the QA.
- [Paul]
Was the SVN download problem a Higgins problem?
- [Elmar]
It was a Higgins server
- [Brian]
We tried some in every form even this morning, and it worked quickly.
- [Paul]
Eclipse has massive pipes….
- [Paul]
If you have a problem with a download, send email to webmaster at eclipse
org. They are really great. That is them, not us.
- [Elmar]
Normally it is fast, it was just the sync stuff that was slow.
- [Elmar] One to one contact would help with the
link errors.
- [Paul] A quick and dirty way to get something
running is to ship a workspace.
- [Brian] I’ve already queued up an engineer
to get this running.
- [Paul] It is wonderful to have your contribution.
- [Elmar] Thank you.
- [Elmar] About the legal issue, is Mary the one to
help?
- [Paul] Yes, she has done this dozens of times.
- [Mary] Yes, and we should do this all on the list.
- [Elmar] We will come back with a list of
dependencies.
3) [Mary] Legal review of code.
- OpenID4java:
big progress getting contributor agreements signed by the authors of this
library!
- [Mary]
We have been working for some time to get contribution agreements in place
for OpenID4jva. We now have a process up and running. All the code has
been reviewed and all the contributors identified. There is a Google group
that is being used to collect the agreements. We already have about half
a dozen agreements.
- [Markus]
Which version is this for?
- [John]
The OpenID4java IPR is for any version. It should be fine after we have
all the contribution agreements. If there is a particular version you want
in Eclipse to review, let Mary know.
4) [Paul, Markus] ATTRIBUTE SERVICES [4]
- [Mary]
Need to edit http://www.eclipse.org/higgins/
IDS-->AS
- Demoted
CDM to component level see [5]
- [Markus]
Discussion/explanation of [6]
- [Markus]
If IdAS Proxy is co-resident with I-Card Service, how is authentication
handled? Not R-Card arms length auth (which we understand well now), but
intimate IdAS Proxy can read/write anything in I-Card Service’s IdAS
data layer.
- [Paul] There is a reference to IDS on the Higgins
home page that should be changed to AS (Attribute Service).
- [Mary]
So I will change the name IDS to AS, and change the related text.
- [Paul]
Yes, we are also missing in that column some of the attribute services.
It doesn’t line up with link 4, Markus and I think it is the attribute
services list for Higgins 1.1. It has 5 things. Markus wants to keep the
IdAS. Mary, I’m going back on forth on the home page,
- [Paul]
Ignore the “demote to the component level” under door number
3. You could argue that CDM is a subcomponent of IdAS, and
shouldn’t be there.
- [Mary]
I think it has merit.
- [Paul]
So Mary, look at the home page and make it line up with the latest lingo.
- [Paul]Link
number 5 is something I‘m actually proud of. It has a doc and
ontology folder. I accidently blew away the SVN history for the ontology
folder. I don’t think it is worth it to go to the backups to get
this restored.
- [Paul]
Doc is now considered a component, so can now access it at that level.
- [Pau]
That is all for housekeeping.
- [Paul]Markus
I will shortly add your picture.
- [Markus]I
did some work on that page.
- [Paul]
So the idea is the service would describe the endpoint. The component page
only describes the component and not the surrounding stuff.
- [Paul]
There are solutions, packages and components. I will add another category.
- [Paul]
Brian we are looking at putting up an IdAS Proxy service co resident
within I-CardSync service. How do we handle authentication from the
client, if it wants to talk to protocols from one service that exposes two
end points?
- [Paul]
….
- [Paul] We don’t have to solve this here,
but am throwing the question out to the team. We now talk about discrete
Higgins services. It is a deployment issue - what combination of services
are running on a particular machine, and worrying in the margins about how
to handle if they are co-resident.
- [Brian] Is this going to be updated on the wiki
pages?
- [Paul] Re-title this to authentication across
services.
- [Paul] There may be very little to do.
- [Brian] Alex is working on this.
- [Paul] Markus, look at the wiki page and see if
there is anything that needs to be changed.
- [Markus] OK.
- [Paul] If you make a change to IdAS common, would
you, as a process, add that row to the comments pages?
- [Markus] IdAS common is on the shared page (for
1.0 and 1.1)
- [Paul] The idea is the component 1.x page is the
page that doesn’t need the h1 and h11 LEDs because it belongs to
both. So with the split pages, we don’t need those columns any
more. So Brian, we should just remove those columns.
- [Brian] Right.
- [Paul] We do need the build LEDs.
5) [Brian, AlexY] CardSync Service [7]
- Brief
updates on progress
- Paul:
Review architecture diagram on [7]
- [Paul]
Brian, I think you mentioned that you were waiting on this.
- [Brian]
Alex and Valery are working on finishing this up.
- [Paul]
About the diagram, when the code is checked, in tell me what I need to
change on my pictures.
Added agenda items.
- [Mary]
John is next.
- [John]
Tony told MS that the way they discern the p-card STS is broken about claims
mapping to assertions. They are going into production with their new
software code and may have made some hard assumptions about how claims are
mapped to attributes in SAML token. Tried to find out if fixing it will
break code.
- [Paul]
So have they decided to make the fix?
- [John]
They are looking into it. The idea of breaking the URI into a named
spaced that has an undefined meaning in SAML 1.1 isn’t ideal. There
is no way to change that for the p-card STS.
- [Paul]
So the way it is now, the attributes must be fully qualified URIs.
- [John]
The way it is now is made up – dividing the claims up into two
pieces….
- [John]
It is not part of the existing IMI spec. The tokens are left entirely up
to the IdP’s and RP’s. So what we need is a SAML 1.1 profile
so we have a degree of interoperability.
- [Paul]
So this work could be done in the OASIS coordination working group of ICF
- [John]
Potentially. What we don’t have a good handle on, if we use
existing shipping code, is does it work with managed cards? If we add a
fix – assign a SAML name space and use the claim URI as an attribute
name, does that break? So if we fixed all the managed cards so all the
p-card claims worked, then all of Pam’s RP stuff would break.
- [Paul]
We are out of time.
Last
added topic.
- [Mary] Next week is the Burton Group Catalyst
Conference, which is an important conference in identity management. Many
of the Higgins people will be there. So we won’t have a Higgins call
next week. Next call is August 6th.
[1] http://wiki.eclipse.org/Higgins_1.1M7
[2] http://wiki.eclipse.org/Automated_Solution-Level_Builds
[3] http://eclipse.org/higgins/solutions/my_downloads.php
[4] http://wiki.eclipse.org/Higgins_1.1_Plan#Attribute_Services
[5] http://wiki.eclipse.org/Components_1.1#Ontology_folder
[6] http://wiki.eclipse.org/IdAS_Proxy_Service_1.1
[7] http://wiki.eclipse.org/CardSync_Service_1.1
|