
Difference between revisions of "Milestone 1.0M7"

(IIW Reference Application Post Mortem)
 
(83 intermediate revisions by 7 users not shown)
Line 1: Line 1:
 +
{{#eclipseproject:technology.higgins|eclipse_custom_style.css}}
 +
[[Image:Higgins_logo_76Wx100H.jpg|right]]
 +
[[Category:Higgins Roadmap]]
 +
__NOTOC__
 
'''Milestone 0.7: Feb 15'''
 
'''Milestone 0.7: Feb 15'''
With this milestone we will have roughed out all major components of the Higgins architecture including a card selector UI.
+
With this milestone we will have roughed out all major components of the Higgins architecture including a card selector UI. [https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Higgins Handy shortcut to create a new Higgins Bugzilla entry]. [https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Higgins See all open items]
===ISS Web UI===
+
 
* Jan's (IBM Zurich) team plans to contribute code to this component and to the (Firefox) HBX component. Jan's team's code implements most of the card selection user interface in HBX (in XUL) and supports this on the back end in the ISS Web UI component.
+
<s>done items have strikethrough</s>
 +
 
 +
===Architecture===
 +
* Continue to evolve the [[Architecture]] across these broad areas including:
 +
** <s>Integration of idemix (cross-card policy matching) [[User:abs.zurich.ibm.com|Abhi]]</s>
 +
** <s>First cut at I-Card Registry design [[User:paul.socialphysics.org|Paul]], Valery, SergeyL</s>
 +
** IdAS registry and configuration issues [[User:paul.socialphysics.org|Paul]], Jim, Tom, Valery
 +
*** New proposal done, Jim will lead the effort from here
 +
 
 +
===HBX===
 +
# <s>Move download URL to Eclipse [https://bugs.eclipse.org/bugs/show_bug.cgi?id=155452 155452]</s> [[User:vkokhan.aquasoft.dp.ua|Valery]]
 +
# Acquire CardSpace-compatible I-Card (.crd) from webpage [https://bugs.eclipse.org/bugs/show_bug.cgi?id=168845 168845] [[User:maxim.parityinc.net|Maxim]]
 +
# Update the HBX doc (e.g. target protocols (e.g. OpenID), non-pluggable assumption)
 +
# <s>OpenID support: request approval of Sxip OpenID libraries</s>
 +
'''ISS Web UI (inside HBX)'''
 +
* <s>Initial implementation [[User:abs.zurich.ibm.com|Abhi]]</s>
 +
Defer to 0.8
 +
# [[HBX Startup]], authentication issues
 +
 
 +
===RP Protocol Support===
 +
* <s>Initial implementation [https://bugs.eclipse.org/bugs/show_bug.cgi?id=170063 170063] [[User:sergey.parityinc.net|Sergei]]</s>
 +
* <s>Getting the RP Protocol Support Service running on an Eclipse server. [https://bugs.eclipse.org/bugs/show_bug.cgi?id=170082 170082] </s> [[User:sergey.parityinc.net|Sergei]]
 +
* New operation: create new CardSpace-compatible I-Card (.crd) [https://bugs.eclipse.org/bugs/show_bug.cgi?id=168850 168850] [[User:slyakhov.parityinc.net | SergeyL]] [in progress]
 +
 
 +
===RP Enablement===
 +
* <s>Getting the test RPPS code running on an Eclipse server. [https://bugs.eclipse.org/bugs/show_bug.cgi?id=170301 170301] </s> [[User:sergey.parityinc.net|Sergei]]
  
 
===I-Card Selector Service===
 
===I-Card Selector Service===
* Begin initial implementation [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160408 160408]
+
* Begin initial implementation [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160408 160408] [[User:abs.zurich.ibm.com|Abhi]]
  
 
===I-Card Registry===
 
===I-Card Registry===
* Design and implement I-Card Registry [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160410 160410]
+
* Design and implement I-Card Registry [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160410 160410] [[User:vkokhan.aquasoft.dp.ua|Valery]]
* Continue work on I-Card Provider API [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160375 160375]
+
* Continue work on I-Card Provider API [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160375 160375] [[User:vkokhan.aquasoft.dp.ua|Valery]]
 +
 
 +
===I-Card Providers===
 +
*Cardspace-compatible Managed provider
 +
** initialize with .crd data [https://bugs.eclipse.org/bugs/show_bug.cgi?id=168852 168852] [[User:vkokhan.aquasoft.dp.ua|Valery]]
 +
* CardSpace-compatible Personal provider
 +
* URI provider [https://bugs.eclipse.org/bugs/show_bug.cgi?id=169233 169233] [[User:vkokhan.aquasoft.dp.ua|Valery]], SergeyL
  
 
===Token Service===
 
===Token Service===
* Interop with live.microsoft.net (in progress) [https://bugs.eclipse.org/bugs/show_bug.cgi?id=152872 152872] <-- still need to reword this
+
* Interop with live.microsoft.net (in progress) [https://bugs.eclipse.org/bugs/show_bug.cgi?id=152872 152872] [[User:Mikemci.us.ibm.com|Mike]]
 +
* Eclipse-Hosted Higgins Token Service [https://bugs.eclipse.org/bugs/show_bug.cgi?id=169870 169870] [[User:Mikemci.us.ibm.com|Mike]]
  
 
===Token Providers===
 
===Token Providers===
* Self-signed SAML 1.1 [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160413 160413] [under development]
+
* <s> Self-signed SAML 1.1 [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160413 160413] [[User:Mikemci.us.ibm.com|Mike]] </s>
* Username / password [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160414 160414] [under development]
+
* <s> Username / password [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160414 160414] [[User:Mikemci.us.ibm.com|Mike]] </s>
===I-Card Providers===
+
* CardSpaceCard - Integrated with STS and IdAS
+
* IdASCard
+
  
 
===IdAS===
 
===IdAS===
# IdAS API: schema create/retreive methods [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160412 160412]
+
* IdAS API: schema create/retreive methods [https://bugs.eclipse.org/bugs/show_bug.cgi?id=160412 160412]
# IdAS unit tests (.higgins.idas.test) [Waiting for factory instantiation mechanism] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=153208 153208]
+
* IdAS unit tests (.higgins.idas.test) [Waiting for factory instantiation mechanism] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=153208 153208]
# Start work on remote interfaces
+
* Many other [https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Higgins&component=IdAS open] items
 +
 
 
===IdAS Context providers===
 
===IdAS Context providers===
* Jena-based provider (uses HSQLDB) [80% done] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=852856 852856]
+
* Jena-based provider (uses HSQLDB) [80% done] [waiting on IPzilla] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=152856 152856] [[User:slyakhov.parityinc.net | SergeyL]]
* XML file-based provider [in progress]
+
* LDAP-based provider [waiting on IPzilla]
* LDAP-based provider [in progress]
+
  
 
===I-Card manager===
 
===I-Card manager===
# Remove hard-coded HTML profile edit/view pages [in progress] [https://bugs.eclipse.org/bugs/show_bug.cgi?id=152860 152860]
+
* <s>Initial implementation [[User:sergey.parityinc.net|Sergei]]</s>
  
===HBX===
+
===Infrastructure===
# Startup processing
+
* Automated Builds [[User:Mary.socialphysics.org|Mary]], [[User:evgeniy.parityinc.net|Evgeniy]]
## Discovery of and/or connecting to a Higgins service endpoint URL
+
** <s>Trigger nightly builds on demand [https://bugs.eclipse.org/bugs/show_bug.cgi?id=169213 169213]</s>
##* Explore optional use of XRI and/or i-names (community or top level)
+
** <s>Trigger stable builds on demand [https://bugs.eclipse.org/bugs/show_bug.cgi?id=169214 169214]</s>
## 1st time: Provisioning of user account on Higgins service
+
** <s>Add build number to "stable build jar name" [https://bugs.eclipse.org/bugs/show_bug.cgi?id=169215 169215]</s>
## 1st time: Display and user acceptance of Higgins service's Terms of Service (TOS)
+
** Add build hour and minutes
## Nth time: Authentication to user account on Higgins service
+
** Add manifest document to all build zip files [https://bugs.eclipse.org/bugs/show_bug.cgi?id=169217 169217]
## Background processing of screen-scrape jobs
+
** <s>Switch the nightly build number from 0.6 to 0.7</s>
# Update the HBX doc (e.g. target protocols (e.g. OpenID), non-pluggable assumption)
+
** If the triggered build fails, there should be a link to a logfile.
# For RSS: RP site i-card issuance [https://bugs.eclipse.org/bugs/show_bug.cgi?id=152861 152861]
+
** Add a CVS label as part of the build process
# OpenID support
+
** Create a nightly build process for the STS
 +
** Create a stable build process for the STS
 +
* Documenting "How To set up an Eclipse-Hosted Server" [[User:Mary.socialphysics.org|Mary]]
  
 
===IIW Reference Application Post Mortem===
 
===IIW Reference Application Post Mortem===
# STS Configuration [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163618 163618].  [[User:Mikemci.us.ibm.com]]
+
# STS Configuration [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163618 163618].  [[User:Mikemci.us.ibm.com|Mike]]
 
## The bug doesn't say anything else, but I think it has to do with how the STS is configured to do things like: - insert a claim mapper between itself and the IdAS CP (dependency on claim mapping task below),  possibly include a list of allowed CP's, etc.
 
## The bug doesn't say anything else, but I think it has to do with how the STS is configured to do things like: - insert a claim mapper between itself and the IdAS CP (dependency on claim mapping task below),  possibly include a list of allowed CP's, etc.
# Mappings [[Duane.novell.com]]
+
# Mappings [[User:Duane.novell.com|Duane]]
 
## Name mappings.  
 
## Name mappings.  
 
### We used full DN values from the groupMembership.  Should have been simple (mapped) names.
 
### We used full DN values from the groupMembership.  Should have been simple (mapped) names.
 
## Claim/Attribute mapping.   
 
## Claim/Attribute mapping.   
 
### We ended up making the LDAP CP emit attributes which are named just like cardspace claims... We'd like to do this via configuration, or possibly a mapping CP, or something like that.
 
### We ended up making the LDAP CP emit attributes which are named just like cardspace claims... We'd like to do this via configuration, or possibly a mapping CP, or something like that.
# Update operations in IdAS instead of PHP LDAP. [[Dsanders.novell.com]]
+
### The STS needs to give special handling to the privatepersonalidentifier claim.  The document, A Guide to Integrating with Information Cards and Windows CardSpace v1.0, says the following: "To enable an identity provider that supports the PPID claim type to be able to always produce a consistent claim value, Windows CardSpace includes the extension element ic:ClientPseudonym/ic:PPID in the RST request. It contains the result of applying a hash function to a relying party identity and optional user-supplied entropy to produce an opaque yet consistent reference for the relying party. If the issued token contains the PPID claim, this value is to be used as the basis. The IP/STS may use this value as is or as an input seed to a custom function to derive a value for the PPID claim."  The STS should look for this ClientPseudonym/PPID element whenever the RST requests the personalprivateidentifier claim, and at the very least, return that value for the claim.
 +
# Update operations in IdAS instead of PHP LDAP. [[User:Dsanders.novell.com|Daniel]]
 
## All the update operations on the RP use PHP LDAP instead of IdAS.  
 
## All the update operations on the RP use PHP LDAP instead of IdAS.  
### Need to implement update operations in the LDAP CP first. [[Tdoman.novell.com]]
+
### Need to implement update operations in the LDAP CP first. [[User:Tdoman.novell.com|Tom]]
#### Need better design in IdAS for updates first. [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163428 163428], [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163429 163429], and [https://bugs.eclipse.org/bugs/show_bug.cgi?id=167978 167978] [[Jimse.novell.com]]
+
#### Need better design in IdAS for updates first. [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163428 163428], [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163429 163429], and [https://bugs.eclipse.org/bugs/show_bug.cgi?id=167978 167978] [[User:Jimse.novell.com|Jim]]
 
# Location of dependency libraries. (Need Owner)
 
# Location of dependency libraries. (Need Owner)
 
## We had some in the STS deployment lib directory, and others in the Tomcat shared lib.  We need a methodology for deciding where to locate these.
 
## We had some in the STS deployment lib directory, and others in the Tomcat shared lib.  We need a methodology for deciding where to locate these.
# BasicDateTimeValue couldn't be used because of some fishiness with the time zones.  [https://bugs.eclipse.org/bugs/show_bug.cgi?id=167979 167979] [[Jimse.novell.com]]
+
# BasicDateTimeValue couldn't be used because of some fishiness with the time zones.  [https://bugs.eclipse.org/bugs/show_bug.cgi?id=167979 167979] [[User:Jimse.novell.com|Jim]]
# Verify that Mike's latest STS code is in, and we can build and deploy ourselves. [[Jimse.novell.com]]
+
# Verify that Mike's latest STS code is in, and we can build and deploy ourselves. [[User:Jimse.novell.com|Jim]]
# Check in fixes to card generator to Higgins. Separate from form ui [[Ahodgkinson.novell.com]] & [[Jimse.novell.com]]
+
# <s>Check in fixes to card generator to Higgins. Separate from from ui [[User:Ahodgkinson.novell.com|Andy]] & [[User:Jimse.novell.com|Jim]]</s>
# Empty/missing claim (on forum) [[Mikemci.us.ibm.com]]
+
# Empty/missing claim (on forum) [[User:Mikemci.us.ibm.com|Mike]]
 
# LDAP CP should support any URI as the context ref (i.e. http) (Need Owner)
 
# LDAP CP should support any URI as the context ref (i.e. http) (Need Owner)
 
## This should be handled as part of the rework on the IdAS Registry
 
## This should be handled as part of the rework on the IdAS Registry
# CardID to context mapping. [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163366 163366] [[Jimse.novell.com]]
+
# CardID to context mapping. [https://bugs.eclipse.org/bugs/show_bug.cgi?id=163366 163366] [[User:Jimse.novell.com|Jim]]
 
## We ended up making the CardID equal the contextRef.  It looked like this: file:///<some path on the IdAS machine to a config file>?<some identifier inside the config file representing a context>.   
 
## We ended up making the CardID equal the contextRef.  It looked like this: file:///<some path on the IdAS machine to a config file>?<some identifier inside the config file representing a context>.   
 
## It would be nice if we could come up with something a little more abstract so we're not putting something as brittle and revealing as a local filename.
 
## It would be nice if we could come up with something a little more abstract so we're not putting something as brittle and revealing as a local filename.
 
## This may be rolled into the previous task.
 
## This may be rolled into the previous task.
# STS builds are still not quite up to snuff -- see recent list traffic. [[Mikemci.us.ibm.com]]
+
# <s>STS builds are still not quite up to snuff -- see recent list traffic. [[User:Mikemci.us.ibm.com|Mike]]</s>
  
 
==See Also==
 
==See Also==
 
* [http://eclipse.org/higgins Higgins Home]
 
* [http://eclipse.org/higgins Higgins Home]
 +
* [[Milestone 1.0M8]]
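Review bot: the added PPID item under Claim/Attribute mapping names the claim two ways, "privatepersonalidentifier" in its first sentence and "personalprivateidentifier" in its last; pick one spelling so the STS check the item asks for is keyed on a single claim name. The same item settles for returning the ClientPseudonym/PPID value unchanged "at the very least", although that value arrives in the RST from the client and the quoted guide also allows using it as a seed to a custom function; the item should say which of the two the STS is meant to do. In the card generator item the revision turns "Separate from form ui" into "Separate from from ui", which reads as a doubled word.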

Latest revision as of 09:55, 16 December 2008


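Milestone 0.7: Feb 15

With this milestone we will have roughed out all major components of the Higgins architecture including a card selector UI.

Handy shortcut to create a new Higgins Bugzilla entry: https://bugs.eclipse.org/bugs/enter_bug.cgi?product=Higgins

See all open items: https://bugs.eclipse.org/bugs/buglist.cgi?query_format=advanced&bug_status=NEW&bug_status=ASSIGNED&bug_status=REOPENED&product=Higgins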

done items have strikethrough

Architecture

  • Continue to evolve the Architecture across these broad areas including:
    • Integration of idemix (cross-card policy matching) Abhi
    • First cut at I-Card Registry design Paul, Valery, SergeyL
    • IdAS registry and configuration issues Paul, Jim, Tom, Valery
      • New proposal done, Jim will lead the effort from here

HBX

  1. Move download URL to Eclipse 155452 Valery
  2. Acquire CardSpace-compatible I-Card (.crd) from webpage 168845 Maxim
  3. Update the HBX doc (e.g. target protocols (e.g. OpenID), non-pluggable assumption)
  4. OpenID support: request approval of Sxip OpenID libraries

ISS Web UI (inside HBX)

  • Initial implementation Abhi

Defer to 0.8

  1. HBX Startup, authentication issues

RP Protocol Support

  • Initial implementation 170063 Sergei
  • Getting the RP Protocol Support Service running on an Eclipse server. 170082 Sergei
  • New operation: create new CardSpace-compatible I-Card (.crd) 168850 SergeyL [in progress]

RP Enablement

  • Getting the test RPPS code running on an Eclipse server. 170301 Sergei

I-Card Selector Service

I-Card Registry

I-Card Providers

  • CardSpace-compatible Managed provider
  • CardSpace-compatible Personal provider
  • URI provider 169233 Valery, SergeyL

Token Service

  • Interop with live.microsoft.net (in progress) 152872 Mike
  • Eclipse-Hosted Higgins Token Service 169870 Mike

Token Providers

IdAS

  • IdAS API: schema create/retrieve methods 160412
  • IdAS unit tests (.higgins.idas.test) [Waiting for factory instantiation mechanism] 153208
  • Many other open items

IdAS Context providers

  • Jena-based provider (uses HSQLDB) [80% done] [waiting on IPzilla] 152856 SergeyL
  • LDAP-based provider [waiting on IPzilla]

I-Card manager

  • Initial implementation Sergei

Infrastructure

  • Automated Builds Mary, Evgeniy
    • Trigger nightly builds on demand 169213
    • Trigger stable builds on demand 169214
    • Add build number to "stable build jar name" 169215
    • Add build hour and minutes
    • Add manifest document to all build zip files 169217
    • Switch the nightly build number from 0.6 to 0.7
    • If the triggered build fails, there should be a link to a logfile.
    • Add a CVS label as part of the build process
    • Create a nightly build process for the STS
    • Create a stable build process for the STS
  • Documenting "How To set up an Eclipse-Hosted Server" Mary

IIW Reference Application Post Mortem

  1. STS Configuration 163618. Mike
    1. The bug doesn't say anything else, but I think it has to do with how the STS is configured to do things like: - insert a claim mapper between itself and the IdAS CP (dependency on claim mapping task below), possibly include a list of allowed CP's, etc.
  2. Mappings Duane
    1. Name mappings.
      1. We used full DN values from the groupMembership. Should have been simple (mapped) names.
    2. Claim/Attribute mapping.
      1. We ended up making the LDAP CP emit attributes which are named just like cardspace claims... We'd like to do this via configuration, or possibly a mapping CP, or something like that.
      2. The STS needs to give special handling to the privatepersonalidentifier claim. The document, A Guide to Integrating with Information Cards and Windows CardSpace v1.0, says the following: "To enable an identity provider that supports the PPID claim type to be able to always produce a consistent claim value, Windows CardSpace includes the extension element ic:ClientPseudonym/ic:PPID in the RST request. It contains the result of applying a hash function to a relying party identity and optional user-supplied entropy to produce an opaque yet consistent reference for the relying party. If the issued token contains the PPID claim, this value is to be used as the basis. The IP/STS may use this value as is or as an input seed to a custom function to derive a value for the PPID claim." The STS should look for this ClientPseudonym/PPID element whenever the RST requests the privatepersonalidentifier claim, and at the very least, return that value for the claim.
  3. Update operations in IdAS instead of PHP LDAP. Daniel
    1. All the update operations on the RP use PHP LDAP instead of IdAS.
      1. Need to implement update operations in the LDAP CP first. Tom
        1. Need better design in IdAS for updates first. 163428, 163429, and 167978 Jim
  4. Location of dependency libraries. (Need Owner)
    1. We had some in the STS deployment lib directory, and others in the Tomcat shared lib. We need a methodology for deciding where to locate these.
  5. BasicDateTimeValue couldn't be used because of some fishiness with the time zones. 167979 Jim
  6. Verify that Mike's latest STS code is in, and we can build and deploy ourselves. Jim
  7. Check in fixes to card generator to Higgins. Separate from form ui Andy & Jim
  8. Empty/missing claim (on forum) Mike
  9. LDAP CP should support any URI as the context ref (i.e. http) (Need Owner)
    1. This should be handled as part of the rework on the IdAS Registry
  10. CardID to context mapping. 163366 Jim
    1. We ended up making the CardID equal the contextRef. It looked like this: file:///<some path on the IdAS machine to a config file>?<some identifier inside the config file representing a context>.
    2. It would be nice if we could come up with something a little more abstract so we're not putting something as brittle and revealing as a local filename.
    3. This may be rolled into the previous task.
  11. STS builds are still not quite up to snuff -- see recent list traffic. Mike
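
The PPID handling asked for in the Claim/Attribute mapping item above, as an added Python example that is not Higgins code: it reads ic:ClientPseudonym/ic:PPID from an RST only when the PPID claim is requested, and returns the value either as is or as the seed of a keyed derivation bound to the authenticated account. The function names, the HMAC-SHA256 derivation, the `wst:Claims`/`ic:ClaimType` request layout and the sample RST are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import hmac
import xml.etree.ElementTree as ET

# Namespace URIs of WS-Trust (Feb 2005) and the Information Card identity schema.
NS = {
    "wst": "http://schemas.xmlsoap.org/ws/2005/02/trust",
    "ic": "http://schemas.xmlsoap.org/ws/2005/05/identity",
}
PPID_CLAIM = NS["ic"] + "/claims/privatepersonalidentifier"


class RstError(ValueError):
    """The RST cannot be used to produce a PPID claim."""


def client_ppid(rst_xml):
    """Return the decoded ic:ClientPseudonym/ic:PPID bytes, or None when the
    RST does not request the PPID claim at all."""
    if "<!DOCTYPE" in rst_xml:
        raise RstError("DTDs are not accepted in an RST")
    root = ET.fromstring(rst_xml)
    requested = {c.get("Uri") for c in root.iterfind(".//wst:Claims/ic:ClaimType", NS)}
    if PPID_CLAIM not in requested:
        return None
    node = root.find(".//ic:ClientPseudonym/ic:PPID", NS)
    if node is None or not (node.text or "").strip():
        raise RstError("PPID claim requested without ic:ClientPseudonym/ic:PPID")
    try:
        return base64.b64decode(node.text.strip(), validate=True)
    except (binascii.Error, ValueError) as exc:
        raise RstError("ic:PPID is not valid base64") from exc


def ppid_claim_value(rst_xml, account_id, sts_key=None):
    """PPID claim value for the issued token, or None if it was not requested.

    sts_key=None : return the client value as is (the minimum the item asks for).
    sts_key=bytes: treat the client value as a seed and derive the claim with a
                   key held by the STS, bound to the authenticated account
                   (an assumed "custom function", not one the page specifies).
    """
    seed = client_ppid(rst_xml)
    if seed is None:
        return None
    if sts_key is None:
        return base64.b64encode(seed).decode("ascii")
    msg = account_id.encode("utf-8") + b"\x00" + seed
    return base64.b64encode(hmac.new(sts_key, msg, hashlib.sha256).digest()).decode("ascii")


# Constructed sample RST (not captured traffic); the PPID decodes to b"rp-scoped-seed".
SAMPLE_RST = """<wst:RequestSecurityToken
    xmlns:wst="http://schemas.xmlsoap.org/ws/2005/02/trust"
    xmlns:ic="http://schemas.xmlsoap.org/ws/2005/05/identity">
  <wst:Claims>
    <ic:ClaimType Uri="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"/>
  </wst:Claims>
  <ic:ClientPseudonym><ic:PPID>cnAtc2NvcGVkLXNlZWQ=</ic:PPID></ic:ClientPseudonym>
</wst:RequestSecurityToken>"""

if __name__ == "__main__":
    print(ppid_claim_value(SAMPLE_RST, "alice"), ppid_claim_value(SAMPLE_RST, "alice", b"demo-key"))
```

In the keyed mode the same relying party still sees a stable value per account, but two accounts presenting the same client seed no longer receive the same PPID.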

See Also
