Infrastructure Information

1 Information about Project Access
- 1.1 Contributions and Write Access
2 Wiki Service Information
3 Issue Tracking Service Information
4 Member Support Desk
5 Privacy

Information about Project Access

All public Shibboleth project services (website, download site, wiki, svn, git, issue tracking, and maven repository at the time of this writing) may be accessed anonymously in a read-only capacity.

Access to GitWeb is now limited to those able to authenticate via eduGAIN (via SAML 2.0) but is not limited otherwise. This change was made to address denial of service issues caused by malicious actors (i.e., AI tools). We do not intend to limit access further unless it becomes necessary.

Contributions and Write Access

We have configured the new Confluence and Jira sites to allow anyone using an email address from a non-public domain to obtain access via Atlassian's standard workflow (if you’re logged into their platform, you should be able to request automatic user-level access). Access to the site includes the ability to comment or add/edit pages, create issues, etc., though we reserve the right to limit this if we encounter spam problems. Any contributor posting to the wiki or creating an issue agrees to license their provided content under the same license noted above.

If you would like to contribute to the documentation or file an issue via an account using a public email domain (or you just don’t see the request option for whatever reason), you can contact us for now to get access, but we may do additional follow up to ensure the request is legitimate.

As we go forward we will adjust based on demand and the capabilities of the product, which are more limited and not geared toward the way we did things in the past.

The services are now cloud-hosted and, due to the limitations of Atlassian's SAML support, no longer relies on federated access generally. As such, we no longer control the information collected, nor how it may be used. Refer to Atlassian's policies for information on these matters. Anyone with attributed content that wishes to be removed from the list of known past users is welcome to contact us.

Wiki Service Information

The wiki (https://shibboleth.atlassian.net/wiki) provides the currently available documentation for all the Shibboleth projects as well as information about the project plans and management.

All information within the Wiki is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Per the terms of the CC BY-SA 4.0 license, the content of this wiki may be used by others, without seeking permission of the author, as long as this wiki is attributed as the source of the material and any resulting work is licensed under the CC BY-SA 4.0 license or a similar license. Attribution is best performed by providing a URL to the wiki page(s) containing the source material.

We also have a WikiStyleGuide available to aid in maintaining consistency.

Issue Tracking Service Information

The issue tracking service provides a place to view and track bugs, tasks, and feature/improvement requests for the Shibboleth software. We are in the midst of a transition from the old hosted instance (https://issues.shibboleth.net) to the cloud instance (https://shibboleth.atlassian.net/jira) but at this time all software projects, old and new, have been migrated to the cloud instance and are read-only on the old system.

All issue descriptions and comments within the issue tracking service are licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

All code/patches submitted to the issue tracking service must be licensed under the Apache License, version 2 or otherwise contributed to the Shibboleth Project per the terms set out by the project’s Contribution Policy.

Member Support Desk

Member support has also been migrated to the Jira Cloud tenant and http://support.shibboleth.net is the best method to use to access that platform, as it will redirect to a dashboard that provides direct access to a Jira project set up for each member to raise requests. Access to the support feature is limited to Atlassian accounts identified by one or more access managers identified within each member organization to identify the people with access.

Privacy

Our only capture of personal information at present is purely voluntary, and consists of our mailing lists and the login process implemented for GitWeb in 2025. The former obviously captures email addresses and any self-asserted names provided by subscribers and we archive the lists publically. The login process for GitWeb is not by design attempting to capture anything in the way of personal information but does capture various standard identifiers for the purposes of audit logging, and those logs are only kept for a month or so before rolling off.

We will never provide information to any third party save for when legally required to do so (our self-hosted services operate under US jurisdiction).