1 General
Moved all content of the GÉANT wiki to https://rnd.feide.no/idfed in order to make it accessible to people outside this group.
Video Meetings will be status reports only. Then, we'll try to arrange working meetings with Adobe Connect on work items like:
- Front-channel attribute aggregation
- SWITCH GMT Cross-federation Testing
- Metadata distribution meeting
2 Metadata Distribution
- Testing status round.
Lukas's suggestion on testing: Embedded Discovery Service using JavaScript... Metadata aggregator needs to publish IdPs in a JSON format...
Maya reports that http://rnd.feide.no is not part of eduGAIN aggregator. Action Item: Andreas will add metadata for http://rnd.feide.no.
Arrange a VC. Andreas will send out a Foodle for a VC next week.
2.1 Aggregator updates
- Aggregator module is now documented:
- Aggregator now available on both https and http
- Pretty print XML output with linebreaks, easier to read for humans
- Fix for configuring an upper limit of accepted validUntil durations of incoming metadata.
- Support for setting all configuration parameters individually for each aggregate on an aggregator, including using a separate signing certificate for each aggregate.
- Added Foodle SAML 1.1 Metadata for testing SAML 1.1 as well.
3 User Centric Identity
Licia is working on an OpenID document.
4 Virtual Organizations
4.1 Front-channel attribute aggregation (wayf+rediris)
David: Initial discussion internally in Wayf. Discussion with UNINETT on Skype meeting. Jaime from RedIRIS has also done work in this field. VC yesterday with Jaime, Diego, David, Andreas, Mads and Jacob.
- Phase 1: Problem description. Focus on choosing which approach. Several alternatives:
- Front-channel attribute queries
- AuthN requests for attribute collection
- Extended AuthN requests for attribute collection
- Problem description in closed circle...
- Phase 2: Work on the profiling
- Phase 3: Implementation work
4.2 SWITCH GMT Testing
Lukas: He received an e-mail from Leif. Leif got the domain name he needed in order to set up a Shib SP. DFN also needs to set up a Shib SP.
Testing connecting Feide OpenIdP towards the GMT administration. New: support using eduPersonPrincipalName instead of SwissEduPersonUniqueID.
Service Provider acts as a VO consumer...
Roland Hedberg from Sweden is writing a Python implementation of a SAML entity. Will test with SWITCH VO Platform.
Video meeting: Wait until Leif and Torsten have a running SP. Using Skype instead.
4.3 CLARIN Collaboration
CLARIN is a very distributed set of Service Providers. They need some storage to store information about users that have agreed upon some 'Terms of usage'; this should be shared across all CLARIN services.
Action item: Send details to Jürgen about VC.
4.4 Beyond Web
New collaboration with TCS eScience Personal Portal (aka Confusa).
They will use OAuth to authenticate a command line client tool to a web-based service that issues a short-lived certificate. Then they will extend it further using OAuth for web-based delegation of proxy-certificates; collaborating with a Norwegian University.
Experimental OAuth support already in SimpleSAMLphp. Will need some polishing in order to be used in production in the TCS eScience Personal Portal.
5 Harmonization
5.1 De-provisioning (nordunet)
Leif not on the call.
5.2 Single Log-out (NIIF)
Kristof: Not started writing... Waiting for Chad to discuss the logout implementation. Travel to Zürich. Document finished late November or early December.
6 AOB
Bob 'RL' Morgan is added to the e-mail list.