Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 22 Next »

Infrastructure Information

Information about Project Access

All public Shibboleth project services (website, download site, wiki, svn, git, issue tracking, and maven repository at the time of this writing) may be accessed anonymously in a read-only capacity.

Wiki Service Information

The wiki (https://shibboleth.atlassian.net/wiki) provides the currently available documentation for all the Shibboleth projects as well as information about the project plans and management.

All information within the Wiki is licensed under the Creative Commons Attribute-ShareAlike 3.0 Unported (CC BY-SA 3.0) license. Any contributor posting to the wiki agrees to license their provided content under the same license.

Per the terms of the CC BY-SA 3.0 license, the content of this wiki may be used by others, without seeking permission of the author, as long as this wiki is attributed as the source of the material and any resulting work is licensed under the CC BY-SA 3.0 license or a similar license. Attribution are best performed by providing a URL to the wiki page(s) containing the source material.

The wiki is now cloud-hosted and, due to the limitations of Atlassian's SAML support, no longer relies on federated access generally. As such, we no longer control the information collected, nor how it may be used. Refer to Atlassian's policies for information on these matters. Anyone with attributed content that wishes to be removed from the list of known past users is welcome to contact us.

PLEASE NOTE: While the new site is publically viewable, you may encounter issues accessing it if you are already logged into an Atlassian account. You may not even be aware of having done so, but if you get an error accessing the new wiki indicating you don't have access via some existing account, this is the reason.

We cannot fix this!

This is a bug in their products, and has to do with the way user licenses are handled. (Yes, they claim to have fixed it, but they have not.) We have accomodated this as best we can by allowing non-public email addresses to immediately add themselves into our site, buf if you rely on a public email provider, that simply doesn't work and you will generally need to logout of Atlassian, or use a private browsing window, to access the site.

Contributions and Edit Access

In order to limit spam, we have allowed all authenticated users to comment in the new wiki, but edits or adding material is limited to authorized accounts. If you would like to contribute to the documentation, or wish to be able to login with a non-public account, you can contact us for now to get access.

As we go forward we will adjust based on demand and the capabilities of the product, which are somewhat limited and not geared toward the way we did things in the past.

Issue Tracking Service Information

The issue tracking service (https://issues.shibboleth.net) provides a place to view and track bugs, tasks, and feature/improvement requests for the Shibboleth software.

All issue descriptions and comments within the issue tracking service are licensed under the Creative Commons Attribute-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

All code/patches submitted to the issue tracking service are licensed under the Apache License, version 2 and contributed to the Shibboleth project per the terms set out in the Internet2 Intellectual Property Framework.

The system is still (temporarily, pending the move to the cloud) SAML-enabled and users wishing to post, comment on, or be informed of changes to data will need to log in via an acceptable IdP. The IdP must release:

  • a required unique identifier for the user (see below)
  • displayName if the user wishes to have a human-readable name suitable for display or search
  • mail if the user wishes to receive notifications (e.g., changes in issue status or updates to wiki pages) via email

Note that users may modify their profile name or email address, but it will be reset to an IdP-supplied value each time they login.

The preferred identifiers supported include the legacy eduPersonPrincipalName attribute and the newly-proposed SAML subject-id attribute. The latter is ideal if a name and email address are included, while EPPN is best if provided by itself because of the strong need to publically identify contributors in these collaborative tools.

If use of a public identifier is a problem due to privacy restrictions, we tolerate use of the newly-proposed SAML pairwise-id attribute, but we do not encourage it. For historical reasons, we do support the legacy pairwise identifiers that fall under the eduPersonTargetedID and SAML persistent NameID headings, but they are strongly discouraged.

The precise set of SAML 1.1 attributes supported is:

  • urn:mace:dir:attribute-def:eduPersonPrincipalName (preferred)
  • urn:oasis:names:tc:SAML:attribute:subject-id (SAML Subject ID, new proposed standard, preferred)
  • urn:oasis:names:tc:SAML:attribute:pairwise-id (SAML Pairwise ID, new proposed standard, discouraged)
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (targetedID as SAML attribute, strongly discouraged)
  • urn:mace:dir:attribute-def:displayName (preferred)
  • urn:mace:dir:attribute-def:cn
  • urn:mace:dir:attribute-def:mail

For SAML 2.0:

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (EPPN, preferred)
  • urn:oasis:names:tc:SAML:attribute:subject-id (SAML Subject ID, new proposed standard, preferred)
  • urn:oasis:names:tc:SAML:attribute:pairwise-id (SAML Pairwise ID, new proposed standard, discouraged)
  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent (targetedID as NameID, strongly discouraged)
  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (targetedID as SAML attribute, strongly discouraged)
  • urn:oid:2.16.840.1.113730.3.1.241 (displayName, preferred)
  • urn:oid:2.5.4.3 (cn)
  • urn:oid:0.9.2342.19200300.100.1.3 (mail)
  • No labels