Notes for Higgins dev call - July 23, 2009
Attendees . Mary Ruddy - Meristic . Markus Sabedello - Harvard Law Lab . Paul Trevithick - Azigo . Brian Walker - Azigo . Hank Mauldin - Cisco . John Bradley . Elmar Beck Logistics Time: Thursday, noon Eastern Dial-in: 1-866-362-7064 / 89-2048# AGENDA 1) [Brian] HIGGINS 1.1M7 TRACKING * M7 is targeted for August 7: Go to [1], click on "All 1.1M7 items" link * All items are now in bugzilla, currently 15 are open * [Brian] For the M7 status, last week we moved the target date to August 7. The long lead items are related to CardSync. We are finishing those up. The local cache has been completed and checked-in, and have run internal test build. Valery and Alexander are actively working on Card Sync and have that targeted for completion by end of July. I'm still following up on the GTK selector 1.1 Windows items. The HSS version checked in on Sunday needs another iteration that will include a combination of the other connectors and support for the external connectors that Elmar needs. Also need to update the wiki page also. The final piece associated with that is to make sure we have a reasonable amount of documentation on the GTK Windows version. * [Paul] Brian is there any reason we can't implement the prototype now? * [Paul] I or Mary could do that. * [Brian] There is a link on M7, we could add it. * [Mary] We can do that. * [Paul] If you click on the mockup you come to the page and it says mockup. It should say downloads. The mockup is more correct than the current page. * [Brian] the other thing is some of the links on the cloud sector are broken, but all those pages exist or they could be fixed. The owners are also wrong. * [Paul] I think we are going for perfection, when we should just fix the page and gradually improve it. It is so much better than what is there. * [Mary] Or I should do this in version 2, and check it. Then it is very quick to move it to production, and we can publish it. * [Paul] I'm a little concerned that the number of open items isn't going down. It nice to knock some things off the list. * [Brian] I will update the tickets. * [Brian] The other thing that was discussed last week was Google Android. Do we want to add it to the solutions page? * [Paul] It is not really a selector, but it is most like a selector. We don't want to create a new category. We should just add it to the Higgins 1.1 plan under selectors. * [Brian] We can check in the existing page. 2) [Elmar Eperiesi-Beck (Corisecio) & Jeesmon] HIGGINS SELECTOR SWITCH UPDATES * Any updates? Issues? * [Elmar] Thanks for the work on the new sync stuff. We just downloaded it. We had some issues on the download. It took 10 hours for the download. Still have some build errors and some link errors. We sent some mail around, so we should use some help on some small flags we need to set on the compiler settings. In parallel we started developing the connectors. Plan to have everything up and running in a couple of weeks, then we can start the legal review, coordinating with Mary. In parallel we will do the QA. * [Paul] Was the SVN download problem a Higgins problem? * [Elmar] It was a Higgins server * [Brian] We tried some in every form even this morning, and it worked quickly. * [Paul] Eclipse has massive pipes.. * [Paul] If you have a problem with a download, send email to webmaster at eclipse org. They are really great. That is them, not us. * [Elmar] Normally it is fast, it was just the sync stuff that was slow. * [Elmar] One to one contact would help with the link errors. * [Paul] A quick and dirty way to get something running is to ship a workspace. * [Brian] I've already queued up an engineer to get this running. * [Paul] It is wonderful to have your contribution. * [Elmar] Thank you. * [Elmar] About the legal issue, is Mary the one to help? * [Paul] Yes, she has done this dozens of times. * [Mary] Yes, and we should do this all on the list. * [Elmar] We will come back with a list of dependencies. 3) [Mary] Legal review of code. * OpenID4java: big progress getting contributor agreements signed by the authors of this library! * [Mary] We have been working for some time to get contribution agreements in place for OpenID4jva. We now have a process up and running. All the code has been reviewed and all the contributors identified. There is a Google group that is being used to collect the agreements. We already have about half a dozen agreements. * [Markus] Which version is this for? * [John] The OpenID4java IPR is for any version. It should be fine after we have all the contribution agreements. If there is a particular version you want in Eclipse to review, let Mary know. 4) [Paul, Markus] ATTRIBUTE SERVICES [4] * [Mary] Need to edit http://www.eclipse.org/higgins/ IDS-->AS * Demoted CDM to component level see [5] * [Markus] Discussion/explanation of [6] * [Markus] If IdAS Proxy is co-resident with I-Card Service, how is authentication handled? Not R-Card arms length auth (which we understand well now), but intimate IdAS Proxy can read/write anything in I-Card Service's IdAS data layer. * [Paul] There is a reference to IDS on the Higgins home page that should be changed to AS (Attribute Service). * [Mary] So I will change the name IDS to AS, and change the related text. * [Paul] Yes, we are also missing in that column some of the attribute services. It doesn't line up with link 4, Markus and I think it is the attribute services list for Higgins 1.1. It has 5 things. Markus wants to keep the IdAS. Mary, I'm going back on forth on the home page, * [Paul] Ignore the "demote to the component level" under door number 3. You could argue that CDM is a subcomponent of IdAS, and shouldn't be there. * [Mary] I think it has merit. * [Paul] So Mary, look at the home page and make it line up with the latest lingo. * [Paul]Link number 5 is something I'm actually proud of. It has a doc and ontology folder. I accidently blew away the SVN history for the ontology folder. I don't think it is worth it to go to the backups to get this restored. * [Paul] Doc is now considered a component, so can now access it at that level. * [Pau] That is all for housekeeping. * [Paul]Markus I will shortly add your picture. * [Markus]I did some work on that page. * [Paul] So the idea is the service would describe the endpoint. The component page only describes the component and not the surrounding stuff. * [Paul] There are solutions, packages and components. I will add another category. * [Paul] Brian we are looking at putting up an IdAS Proxy service co resident within I-CardSync service. How do we handle authentication from the client, if it wants to talk to protocols from one service that exposes two end points? * [Paul] .. * [Paul] We don't have to solve this here, but am throwing the question out to the team. We now talk about discrete Higgins services. It is a deployment issue - what combination of services are running on a particular machine, and worrying in the margins about how to handle if they are co-resident. * [Brian] Is this going to be updated on the wiki pages? * [Paul] Re-title this to authentication across services. * [Paul] There may be very little to do. * [Brian] Alex is working on this. * [Paul] Markus, look at the wiki page and see if there is anything that needs to be changed. * [Markus] OK. * [Paul] If you make a change to IdAS common, would you, as a process, add that row to the comments pages? * [Markus] IdAS common is on the shared page (for 1.0 and 1.1) * [Paul] The idea is the component 1.x page is the page that doesn't need the h1 and h11 LEDs because it belongs to both. So with the split pages, we don't need those columns any more. So Brian, we should just remove those columns. * [Brian] Right. * [Paul] We do need the build LEDs. 5) [Brian, AlexY] CardSync Service [7] * Brief updates on progress * Paul: Review architecture diagram on [7] * [Paul] Brian, I think you mentioned that you were waiting on this. * [Brian] Alex and Valery are working on finishing this up. * [Paul] About the diagram, when the code is checked, in tell me what I need to change on my pictures. Added agenda items. * [Mary] John is next. * [John] Tony told MS that the way they discern the p-card STS is broken about claims mapping to assertions. They are going into production with their new software code and may have made some hard assumptions about how claims are mapped to attributes in SAML token. Tried to find out if fixing it will break code. * [Paul] So have they decided to make the fix? * [John] They are looking into it. The idea of breaking the URI into a named spaced that has an undefined meaning in SAML 1.1 isn't ideal. There is no way to change that for the p-card STS. * [Paul] So the way it is now, the attributes must be fully qualified URIs. * [John] The way it is now is made up - dividing the claims up into two pieces.. * [John] It is not part of the existing IMI spec. The tokens are left entirely up to the IdP's and RP's. So what we need is a SAML 1.1 profile so we have a degree of interoperability. * [Paul] So this work could be done in the OASIS coordination working group of ICF * [John] Potentially. What we don't have a good handle on, if we use existing shipping code, is does it work with managed cards? If we add a fix - assign a SAML name space and use the claim URI as an attribute name, does that break? So if we fixed all the managed cards so all the p-card claims worked, then all of Pam's RP stuff would break. * [Paul] We are out of time. Last added topic. * [Mary] Next week is the Burton Group Catalyst Conference, which is an important conference in identity management. Many of the Higgins people will be there. So we won't have a Higgins call next week. Next call is August 6th. [1] http://wiki.eclipse.org/Higgins_1.1M7 [2] http://wiki.eclipse.org/Automated_Solution-Level_Builds [3] http://eclipse.org/higgins/solutions/my_downloads.php [4] http://wiki.eclipse.org/Higgins_1.1_Plan#Attribute_Services [5] http://wiki.eclipse.org/Components_1.1#Ontology_folder [6] http://wiki.eclipse.org/IdAS_Proxy_Service_1.1 [7] http://wiki.eclipse.org/CardSync_Service_1.1
_______________________________________________ higgins-dev mailing list [email protected] https://dev.eclipse.org/mailman/listinfo/higgins-dev
