[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
| [higgins-dev] Notes from November 9 Higgins call noon ET | 
NOTE: The following notes HAVE been combed through and edited for
readability. Action items at the end. -Paul
Attendees
---------
- Duane, Mary, Tom, Mike, Jeff, Paul, Brian, Daniel, Tony, Pete, and others
AGENDA
======
A) Action Items/Key accomplishments since the last call
----------------------------------------------------
- IIW tasks on Higgins wiki
- Look into availability of Eclipse servers for running STS, etc. 
- IdAS Registry check-in
B) Review of Pat's Reference App goals and tasks for IIW
-----------------------------------------------------
1) IContext.open identity interface
(http://dev.eclipse.org/mhonarc/lists/higgins-dev/msg01033.html )
2) LDAP CP integration with IdAS Registry
 
If you look at the sample code I sent
(http://dev.eclipse.org/mhonarc/lists/higgins-dev/msg01012.html ), you'll
notice two non-higgins interfaces:
import org.bandit.higgins.cp.jndi.BasicUsernamePasswordIdentity;
import org.bandit.higgins.cp.jndi.JNDIContextFactory;
For the STS-IdAS integration, we need these to be gone.  In other words, we
need IdAS interfaes to accomplish these, we can't directly consume a
specific CP's interfaces (aside from the obvious reason, this CP isn't even
a Higgins CP yet).
C) Other topics
------------
- Wiki website reorganization (including automated builds)
- Face-to-Face plans, finalizing the agenda, etc.
Discussion
==========
Action Items from previous week
----------------------------------
- Mary: Novell has added a lot of bugzilla tasks and doc to the site around
their Dec 4th demo at IIW
- Mary: Eclipse is currently unable to offer any virtual servers, but will
get back to Mary on this
- Mary: it was great to see Greg's IdAS registry code checked in last week 
Wiki/Site and needing to document "Deployments" (vs. "Components")
------------------------------------------------------------------
- Paul pointed the group to http://wiki.eclipse.org/index.php/Components.
You could think of each Higgins "component" as a lego peice. But we need to
do a bit more than this. We need to describe a few "deployments" which are
actually running apps or services that Higgins should support. Paul will
work on creating a higher level "deployments" wiki page to capture this
- Tony: yes, we need to document instances for where we want to build
something that runs
- Pat: We've described in our "ref app 1" [a "deployment"] that we want to
build. It is basically a standalone STS that happens to use IdAS and a
client all working together.
- Mike: [WRT "deployments"] we need to figure out what the priorities are.
E.g. which deployment architectures we will focus on. However, if we were to
document what we have now, it will change dramatically very soon.
- Tony: The Higgins project doesn't want to have to support too many
configurations
- Paul: Agreed, each one is a big burden 
- Pat: Projects ["deployments"] will be good. Components [alone] are hard
for people to understand. 
The upcoming demo (and related IP issues)
-----------------------------------------
- Mike: Is this a Higgins or Bandit demo? 
- Pat: Dale will do a presentation and talk about Bandit, and the
expectation is that Paul would do a presentation and that Paul would talk
about Higgins. There are aspects of what we'll show that are beyond Higgins,
e.g., we will talk about our RP and what we're doing beyond auth, namely,
roles and auditing.
- Pat: I know that there are IP concerns, and we're trying to resolve them
as best we can
- Mike: In order to interface STS to IdAS there are some LGPL libraries
currently needed.
- Pat: Yes, but hopefully this will be resolved tomorrow
- Jim: Now that we have a registry then item #2 [above] should be resolved
- Jim: WRT #1 [above]: Context.open() takes a java object parameter for
authentication. There is no interface that is analogous to Java Subject,
etc. We need to fix this.
- Mike: the problem I have are the interfaces I have to use in my code
(STS). I get into trouble if I need to use a new one that's not already on
the list (I have to deal with new disclosures, new license terms, etc.). 
- Mike: I need to only use Higgins interfaces. 
- Jim: But you're using Apache libraries...
- Mike: Yes, and that had to be approved (and was with some effort)
- Pat: Sound like we need to start the process of allowing Bandit components
to be used by Higgins
- Mary: Eclipse has implemented a new system called IPzilla. Every time you
wish to use a third party library you have to request it through IPzilla.
They also have a new project called Orbit.
- Pat: Mary, please send a pointer to IPzilla, etc. to the list
- Mary: Okay.
- Pat: We can use IPzilla to request approval for Bandit components. We'd
love the Bandit license to be reviewed by Eclipse. And if there is a problem
we'll fix it.
- May: Some licenses, e.g. GPL are non starters. But let's have a look at
the Bandit license.
- Jim: Is this the process that allows an Eclipse project to redistribute
these jars?
- Mary: yes
- Mike: IBM definitely asked me which libraries I needed in order to build
vs. needed to run
- Pat: is this right: we can check in code that USES other libraries as long
as don't redistribute the jars?
- Mike: well, if the interface is in another package I have to list all of
these external packages. If I add one, I have to go through the IBM process
again. 
- Jim: The good news is that because the IdAS registry is [now] there, we
should be able to check in an STS that doesn't have any references to the
cp.jndi provider
- Tony: Mike should not have to include any Bandit interfaces in his code
- Jim: cp.jndi context provider integration with IdAS registry (now a high
priority). We'll add it to Bugzilla
F2F Agenda
----------
- Mary: any additions to
http://wiki.eclipse.org/index.php/11.16.2006_F2F_Agenda  
- Tom: we should add an item to discuss packaging issues 
Other
-----
- Pat: Is there anything else, Mike, that you need from us?
- Mike: I've gotten help from Andy [of Novell] and from Microsoft. Working
with Novell has been easy, but working with Microsoft on interop is harder.
There is not much documentation, and it is hard to get responses. 
- Pat: Dale has an excellent relationship with Kim. And our new agreement
with Microsoft also helps. Please send us questions. We can get quick
turnaround from MS.
- Mike: Microsoft hasn't defined the security policy. WS-Trust and
WS-SecurityPolicy have lots of flexibility in them. 
- Mike: The documentation that I've been told not to share with anyone
(CardSpace version 1.0 tech ref) doesn't document this
- Andy: I've not seen anything about policy either
- Mike: I asked for doc, and in the absence of doc, to send me a sample.
They sent me a sample policy.
- Mike: Oddly, they can't support whitespace anywhere in the card. The
signing library added this (I had to hack the Apache library to fix this)
- Pat: We're also working on a standalone tomcat installation
- Mike: I have added a little web interface on the STS that generates a card
- Mike: We're making progress, slower than we'd like, but progress
- Mike: Will Jim be in Boston next week?
- Pat: Tom will be in Boston.
- Mike: I hope we have something running by next week's meeting
Action Items
============
- Mary: Will send pointers to IPzilla and Orbit, etc. to the list
- Pat: Paul and Dale: need to document the demo and related presentations
- Pat: Tom, Dale, Mary, Tony & Paul: need to have a separate phone call on
IP issues. Mary will arrange. Paul suggested maybe an Eclipse person might
be helpful too.
- Paul: to create a first draft of a "deployments" section on the Higgins
site