incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Davanum Srinivas <d...@yahoo.com>
Subject Re: Revised OpenSAML proposal
Date Thu, 30 Jan 2003 17:21:01 GMT
CC'ing Sandeep and Krishna - the co-leads for JSR 155. 

Thanks,
dims

--- Scott Cantor <cantor.2@osu.edu> wrote:
> A revised proposal with the references to WS-Sec removed by general consent of the parties
> involved.
> 
> --- Scott
> 
> --- 
> 
> Proposal for OpenSAML, A Web Services Subproject (via Incubator)
> 
> 28 January 2003,
> Davanum Srinivas (dims@yahoo.com), Scott Cantor (cantor.2@osu.edu)
> 
> (0) rationale
> 
> To support SAML (Security Assertion Markup Language), OpenSAML was developed by Internet2
as
> part of the Shibboleth project
> (http://shibboleth.internet2.edu/). The project is currently hosted and managed by Internet2
at
> http://www.opensaml.org. Both a Java
> and C++ library are being provided and maintained, with a goal of feature parity and
API
> commonality between them.
> 
> There is also a JSR 155 - Web Services Security Assertions
> (http://www.jcp.org/en/jsr/detail?id=155) in progress that will (in their
> words) define a set of APIs, exchange patterns and implementation to securely (integrity
and
> confidentiality) exchange assertions
> between web services based on OASIS SAML. We could implement this JSR over OpenSAML,
either
> instead of or in addition to the
> existing API. This is analagous to the migration in Xerces to JAXP when it became appropriate.
> 
> The ws.apache.org PMC expressed a great deal of interest in the work in order to ramp
up their
> activities quickly, and appears to be
> eager to contribute to the success of the subproject.
> 
> (0.1) criteria
> 
> Meritocracy: Design decisions have been made in consultation with the Shibboleth development
> team.
> 
> Community: Aside from Shibboleth, a growing community of developers, mostly from higher
ed, have
> been playing with the code in their
> projects.
> 
> Core Developers: Primary author is Scott Cantor, with assistance from the Shibboleth
development
> team, and a few other
> contributions, some from Apache contributors.
> 
> Alignment: Uses Xerces and Xalan (J and C), xml-security, generally looks to Apache projects
> before turning elsewhere, due to
> compatibility of licensing terms and code quality and support.
> 
> Scope: SAML and functionality to simplify the use of SAML in areas of interest. 
> 
> (0.2) warning signs
> 
> Orphaned products: Shibboleth has some momentum, and sundry research projects exist that
have
> looked at OpenSAML as a possible
> starting point.
> 
> Inexperience: The primary author has been coding the system for about 14 months, and
has 5+
> years experience on web security
> software, primarily in C and C++. Most of that code has been made publically available
and has
> been shared explicitly with other
> institutions. Other Shibboleth developers have contributed Unix systems programming,
project
> organization, and Java experience to
> the project, and they have open source experience as well.
> 
> Homogeneous Developers: Primarily one developer to this point, though suggestions from
other
> developers have influenced design.
> Project expected to support layered functionality contributed by other interested parties
once
> core API stablity is reached. IRC has
> been used extensively to discuss issues.
> 
> Reliance on Salaried Developers: Shibboleth is funded by Internet2 at the present time,
and most
> of the development has been
> contract work, but the entire source base has been open source from the beginning.
> 
> No ties to other Apache Products: Extensive reliance on XML and Jakarta projects, should
make
> use of and serve the forthcoming WS
> projects.
> 
> Fascination with Apache Brand: Would like to foster interest in and use of SAML, attract
a
> stable of developers, extend work into
> web services, possibly explore implications of SAML and Shibboleth models for SSO and
identity
> federation within other Apache
> projects.
> 
> (1) scope of the subproject
> 
> The purpose of this subproject is to create and maintain an implementation of the SAML
standard,
> as defined by the OASIS SSTC, via
> libraries that support the messages, bindings, and profiles in the standard. This might
> eventually include reference implementations
> of SAML authorities for testing or development use (or more if there's interest). This
> subproject might include an implementation of
> the JSR-155 yet-to-be-published API for SAML in Java.
> 
> (2) identify the initial source from which the subproject is to be populated 
> 
> http://www.opensaml.org
> 
> (3) identify the ASF resources to be created 
> 
> (3.1) mailing list(s) 
> opensaml-user 
> opensaml-dev 
> 
> 
> (3.2) CVS repositories 
> ws-opensaml (currently there is a cvs at cvs.internet2.edu)
> 
> (3.3) Bugzilla 
> 
> (currently, there is a bugzilla at bugzilla.internet2.edu)
> 
> (4) identify the initial set of committers 
> 
> Scott Cantor (cantor.2@osu.edu)
> 
> Walter Hoehn (wassa@columbia.edu)
> 
> Derek Atkins (warlord@mit.edu)
> 
> Christian Geuer-Pollmann (geuer-pollmann@nue.et-inf.uni-siegen.de)
> 
> Mark Wilcox (mark.wilcox@webct.com)
> 
> (5) identify apache sponsoring individual 
> 
> Davanum Srinivas (dims@yahoo.com)
> 
> (6) open issues for discussion
> 
> Are there IPR-related concerns with SAML (patents held by RSA but offered royalty free)?
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: general-unsubscribe@incubator.apache.org
> For additional commands, e-mail: general-help@incubator.apache.org
> 


=====
Davanum Srinivas - http://webservices.apache.org/~dims/

__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com

Mime
View raw message