
04.30.2007 F2F Agenda

Revision as of 18:07, 30 April 2007 by Paul.socialphysics.org (Talk | contribs) (1pm: STS 60 min [MikeM] [Brian and Paula to participate by phone))

Agenda for Higgins face-to-face meeting in Austin, Texas, April 30 - May 3, 2007. This is a very preliminary agenda to organize the event.

Logistics

Location: IBM Austin, 11501 Burnet Road, Austin, Texas, 78758. Report to building 904 to get your badge. The meeting will be held in building 901 room 3G17.

The event will start Monday April 30 at 1:00 and end Thursday May 3 at midday.

Hotel List for IBM Austin. See visitor information for Google map, etc.

Expected Attendees

  1. Jeff Broberg (CA)
  2. Greg Byrd (NCSU)--for first part only
  3. Andy Hodgkinson (Novell)
  4. David Kuehr-Mclaren (IBM)
  5. Mike McIntosh (IBM)
  6. Tony Nadalin (IBM)
  7. Nataraj Nagaratnum (IBM)
  8. Mary Ruddy (SocialPhysics)
  9. David Recordon (VeriSign) Monday EOD to Tuesday EOD only
  10. Drummond Reed (Cordance)
  11. Jim Sermersheim (Novell)
  12. Paul Trevithick (SocialPhysics)
  13. Abhi Shelat (IBM)
  14. Jim Yang (Identyx)

Draft Agenda

(Hopefully we have the order right now.)

  • Architecture/Design sessions: April 30th 1pm - May 2nd noon
  • Development Discussions: May 2nd noon - May 3rd noon

MONDAY (April 30th) 1pm

1pm: STS 60 min [MikeM] [Brian and Paula to participate by phone]

  • Recent Refactoring [MikeM]
    • Bindings
    • Extension Points
    • Deployments
  • higgins.eclipse.org status [MikeM]

New Package Hierarchy (org.eclipse.higgins.sts)

  • api (most depend on this one)
  • xmlsecurity-apache
  • common
  • server
    • token
      • username
      • ALF
      • SAML
      • identity
      • encrypt
    • mapper
      • appliesTo
      • default
    • trust
    • metadata
    • profile
  • client
  • binding
    • common
    • axis1x
    • servlet
      • metadata
      • profile

New *.api package

  • new packages org.eclipse.higgins.sts.api.* --this is where all the interfaces live.
    • org.eclipse.higgins.sts.api.client
    • org.eclipse.higgins.sts.api.server
  • new interface IInformationCard (extends ITokenCard and ICard)
    • this interface is temporarily here, it will move to and be harmonized with org.eclipse.higgins.icard
  • org.eclipse.higgins.sts.client
    • this is a reference impl of org.eclipse.higgins.sts.api.client
    • can create an STS request. this is where I was forced to create IInformationCard
    • this package is primarily for use by i-card selectors
    • Mike has org.eclipse.sts.binding.axis1x
      • TestManage.java does everything necessary to connect to an STS, (e.g. create request, handle response)

Misc

  • TestManaged.java and TestPersonal.java will use the reference impl packages to illustrate the process and use of APIs
  • Mike is trying to move IdAS dependency into
    • token.identity package
    • profile servlet package
  • Daniel: what are your ideas about documentation?
  • Mike: This is important. I forgot to mention something. What I'm thinking is that there will be deployment-dependent WAR files. We currently have all these flexible deployment scenarios, but for sample deployments it would be nice if we could create, for example, a "personal STS deployment."
  • Daniel: what folks run into: the fact that we need strong encryption JAR files is an example of all of these little things that folks run into
  • Mike: we need to come up with documentation for different audiences
    • for developers
    • for people who are deploying it
  • Daniel: I have some raw material on "deploying an IdP"
  • Mike: Paula has also made a stab at it; Brian has contributed a lot to this. I'd like to find the time and/or tech writer resource to get this right.
  • Daniel: if we at least have the doc on all the pieces that are explorable.
  • Mike: yes, as soon as the code settles down I'll get more into this.
  • Mike: there may be a couple more extension points (e.g. FIPS-compliant crypto impl), and there are a few more. We might want to add audit to our discussions this week. At least an extension point that could emit audit records.
  • Raj: this approach of separating interfaces into *.api is good for other Components
  • Raj: essentially proposes org.eclipse.higgins.api.sts (instead of org.eclipse.higgins.sts.api)

2:45pm Higgins RP Support [60 min] [Jeff B] (Brian, Uppili to participate by phone)

  • What is the near term (Higgins 1.0) scope of this area?
  • Chuck has offered code, but he's wondering who will take care of it
  • RP Component Design proposal [MikeM]
    • Policy Generation/Publication
      • e.g. CardSpace Object Tag Generation
    • Protocol
      • e.g. OpenId, WS-Federation, SAML Redirection
    • Token Consumption
      • e.g. CardSpace Token Decrypt, Verify, and Validate
  • JeffB: The motivation for this came out of work at CA to work with CardSpace
  • Examples of capabilities:
    • token disassembly
    • dynamic generation of the <object> tag
    • mechanism for the storage and retrieval of the certificates (the private keys required for the disassembly)
  • Tony, so what you're saying:
    • Enable the RP with policy (building
    • Signature validation of the signature
  • Mike: I'd like to be able to build a component that would support CardSpace, OpenId and "foo" --any protocol. We'd set properties on this Component to say what protocols you want it to support. It would generate the content embedded with the page that comes to the user. The user does something and redirects and gets back to some piece of code that handles the response. The model for the Component to sort of support all of that.
  • Jeff: I'm interested in putting in work for this
  • Jeff: what do we mean by validating claims?
  • Mike: Examples of claim validation the RP might want through some parameters on the component:
    • if "now" is in the validity of the token
    • if the claims required are present
  • Jeff: Apache just came out with a CardSpace module. There's an opportunity for us to contribute.
  • Paul: language support?
  • Jeff: I think we need to support a number of different languages
  • Jeff: This is a missing piece of the Higgins architecture
  • Jim: how many crossover points with Pamela project?
  • Paul: okay, so the consensus is that Jeff will work with Mike and Brian to work on scoping this project.

Demos and Interop Planning Uppili to participate (1 hour)

  • Collaborative session to review and update the rows in the OSIS "Identity Agent" chart
  • Discussion of interop
  • IIW: pre-work
  • Burton: interop demos

TUESDAY

9am HBX [60 minutes] [Abhi, Paul]

  • Demo of IBM ZHBX with identity mixer and CardSpace support
  • Review functionality, packaging, modularity, threat model
  • Startup sequence
  • Authentication to hosted Higgins (IdA) service

ISS UI, ISS, ICardRegistry (60 - 90 minutes)

  • Illustrate the architecture Novell has been putting together
    • ISS UI talks XPCOM to the ISS
    • ISS talks XML-RPC to ICardRegistry
    • ICardRegistry allows for pluggable ICardStoreProviders
    • Multiple card stores allow for portability of cards
  • Talk about what has been implemented
  • Discuss convergence at the conceptual/architectural level
  • Discuss protocol-level interoperability

11am OpenID (While David is with us. Uppili to call-in.)

  • Various ways to integrate OpenID
    • Context Provider
    • Protocol
    • Card
    • Token Extension

LUNCH

12:30pm [30 min] Dial into Burton Group interoperability call during lunch break

1pm: IdAS API and Data Model [Jim] (Tom to call in)

  • Registry refactoring (2 hours)
  • Update operations (30 mins if not yet resolved)
  • Review new detailed use cases - identify gaps if any, and discuss possible API enhancements (1.5 hours)
  • Review/Discuss - Data model - IdAS, metadata, value - discussions (1 hour)
  • IdAS APIs and SPIs - should we look at separating those? (30 mins)
  • Moving to a JAAS or JAAS-like model for AuthN materials passed to IContext.open (30 mins)

WEDNESDAY

IdAS API and Data Model continued

IdAS Service Descriptions

  • IdAS refactoring for service descriptions (1.5 hour)
    • Refactor or add a layer on top which exposes IdAS in a service-friendly way?

IPR

  • update and risk management discussion [30 minutes - Mary Ruddy]
  • What code should be in Higgins

RCP enablement

  • Integration
    • OSGi Components
    • ISS
    • STS

LUNCH

1pm: Elbow-to-Elbow Integration / Development Discussions

  • Half day or full day of working session time so that people can work F2F on their various ongoing projects.

Junit testing

Nightly Builds

  • Branching?

THURSDAY

Packaging

  • Deployments for M0.8
  • Support for multiple versions of components; should the Token Service be offered as an OSGi version also?
