Shibboleth Developer's Meeting, 2015-09-18
Call Administrivia
10:00 Central US / 11:00 Eastern US / 16:00 UK
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2015-10-02. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Lync system at OSU. To participate, call:
- +1 (614) 688-1800 (please use if possible)
- +1 (800) 678-6114 (use only if you're charged for the 614 number)
The Conference ID is: 738127#
International participants should be able to access the 800 number without charge through Skype.
AGENDA
- JPA DDL / compatibility
- SPNEGO / Kerberos
- SLO and SPNEGO timeline / 3.2 impact
Attendees:
Brent
Finalizing delegation flow. Have provisional authN and subject c14n worked out, need to decide on the exact approach we'll use. Remaining bits are around policy enforcement. Also need to circle back around and make changes we have discussed around assertion delegation.
...
Daniel Lutz (SWITCH)
Attending to discuss SPNEGO login flow.
Working on SPNEGO login flow.
- Architecture of the SPNEGO login flow
- The first release will probably provide a standalone SPNEGO login flow only, no combined view for Password and SPNEGO.
- Scott will look for a general way to plug-in alternative login methods to the Password login flow. (This use case is not restricted to SPNEGO.)
- We implemented the external authentication part of the SPNEGO login flow using an MVC controller instead of a servlet.
- The SPNEGO login flow will support conditional activation, flexibly configurable via JavaScript (e.g. activation based on the client's IP address or some token in the user agent' identifier string).
- The login flow will be called "SPNEGO" instead of "SPNEGOKerberos", but will be restricted to support Kerberos only.