Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 33 Next »

Information about Project Access

All public Shibboleth project services (website, download site, wiki, svn, git, issue tracking, and maven repository at the time of this writing) may be accessed anonymously in a read-only capacity.

Contributions and Write Access

We have configured the new sites to allow anyone using an email address from a non-public domain to request access via Atlassian's standard workflow. Any routine request for access will generally be approved, and access to the site includes the ability to comment or add/edit pages, create issues, etc. Any contributor posting to the wiki or creating an issue agrees to license their provided content under the same license noted above.

If you would like to contribute to the documentation or file an issue via an account using a public email domain, you can contact us for now to get access, but we may do additional follow up to ensure the request is legitimate.

As we go forward we will adjust based on demand and the capabilities of the product, which are more limited and not geared toward the way we did things in the past.

The services are now cloud-hosted and, due to the limitations of Atlassian's SAML support, no longer relies on federated access generally. As such, we no longer control the information collected, nor how it may be used. Refer to Atlassian's policies for information on these matters. Anyone with attributed content that wishes to be removed from the list of known past users is welcome to contact us.

Wiki Service Information

The wiki (https://shibboleth.atlassian.net/wiki) provides the currently available documentation for all the Shibboleth projects as well as information about the project plans and management.

All information within the Wiki is licensed under the Creative Commons Attribute-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

Per the terms of the CC BY-SA 3.0 license, the content of this wiki may be used by others, without seeking permission of the author, as long as this wiki is attributed as the source of the material and any resulting work is licensed under the CC BY-SA 3.0 license or a similar license. Attribution is best performed by providing a URL to the wiki page(s) containing the source material.

Issue Tracking Service Information

The issue tracking service provides a place to view and track bugs, tasks, and feature/improvement requests for the Shibboleth software. We are in the midst of a transition from the old hosted instance (https://issues.shibboleth.net) to the cloud instance (https://shibboleth.atlassian.net/jira) but at this time all software projects, old and new, have been migrated to the cloud instance and are read-only on the old system.

All issue descriptions and comments within the issue tracking service are licensed under the Creative Commons Attribute-ShareAlike 3.0 Unported (CC BY-SA 3.0) license.

All code/patches submitted to the issue tracking service must be licensed under the Apache License, version 2 or otherwise contributed to the Shibboleth Project per the terms set out by the project’s Contribution Policy.

Member Support Desk

Pending the final migration, member support is still being managed via the old Jira Service Desk system; for ease of migration in the new future, http://support.shibboleth.net is the best method to use to access that platform.

Federated Access

The older hosted platform is SAML-enabled, and members seeking support will need to log in via an acceptable IdP. The IdP must release:

  • a required unique identifier for the user (see below)

  • displayName if the user wishes to have a human-readable name suitable for display or search

  • mail if the user wishes to receive notifications (e.g., changes in issue status or updates to wiki pages) via email

Note that users may modify their profile name or email address, but it will be reset to an IdP-supplied value each time they login.

The preferred identifiers supported include the legacy eduPersonPrincipalName attribute and the newly-proposed SAML subject-id attribute. The latter is ideal if a name and email address are included, while EPPN is best if provided by itself because of the strong need to publically identify contributors in these collaborative tools.

If use of a public identifier is a problem due to privacy restrictions, we tolerate use of the newly-proposed SAML pairwise-id attribute, but we do not encourage it. For historical reasons, we do support the legacy pairwise identifiers that fall under the eduPersonTargetedID and SAML persistent NameID headings, but they are strongly discouraged.

The precise set of SAML 1.1 attributes supported is:

  • urn:mace:dir:attribute-def:eduPersonPrincipalName (preferred)

  • urn:oasis:names:tc:SAML:attribute:subject-id (SAML Subject ID, new proposed standard, preferred)

  • urn:oasis:names:tc:SAML:attribute:pairwise-id (SAML Pairwise ID, new proposed standard, discouraged)

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (targetedID as SAML attribute, strongly discouraged)

  • urn:mace:dir:attribute-def:displayName (preferred)

  • urn:mace:dir:attribute-def:cn

  • urn:mace:dir:attribute-def:mail

For SAML 2.0:

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.6 (EPPN, preferred)

  • urn:oasis:names:tc:SAML:attribute:subject-id (SAML Subject ID, new proposed standard, preferred)

  • urn:oasis:names:tc:SAML:attribute:pairwise-id (SAML Pairwise ID, new proposed standard, discouraged)

  • urn:oasis:names:tc:SAML:2.0:nameid-format:persistent (targetedID as NameID, strongly discouraged)

  • urn:oid:1.3.6.1.4.1.5923.1.1.1.10 (targetedID as SAML attribute, strongly discouraged)

  • urn:oid:2.16.840.1.113730.3.1.241 (displayName, preferred)

  • urn:oid:2.5.4.3 (cn)

  • urn:oid:0.9.2342.19200300.100.1.3 (mail)

  • No labels