KeithH Documentation Pages

This page is the home for draft documentation pages created by Keith Hazelton.

(KH 29 April 2013) Drafting is done. Awaiting further review and wrap-up tasks.

(SJM 29 April 2013) – I've added notes with (tick) or (warning) or (error) icons next to them to indicate whether I think these tasks are done, in my court, or still in KH's court, respectively, as of 5pm PDT on 29 Apr 2013

Draft pages:

Pages to be drafted, reviewed and/or edited

The following list of pages to be drafted/reviewed/edited as my part of the documentation wrap-up is excerpted from https://wikihub.berkeley.edu/display/pbamboo/Wrap-Up+Documentation+Checklist+-+Spring+2013

    Developer Workbench Environment for BSP Service Developers
    https://wikihub.berkeley.edu/display/pbamboo/Developer+Workbench+Environment+for+BSP+Service+Developers
    - Review the client auth and Grouper setup instructions; Anything else needed from me on this page?

(SJM 22 April 2013) AFAIK, nothing needed from Keith on this page other than quick review of Client Auth and Grouper sections, which do little more than contextualize and refer to the 'actual' installation instructions located separately (and noted by KH below).

(tick) (SJM 29 April 2013) – this task appears complete to SJM



    Configure Apache Web Server for Client Auth
    https://wikihub.berkeley.edu/display/pbamboo/Configure+Apache+Web+Server+for+Client+Auth

    - See the attached Word doc for updated instructions: clientAuthHowto-20130422.docx

(SJM 22 April 2013) From inspection, and per JIRA IAM-79, documentation about how to generate a self-signed cert is already included in the current wiki doc that is referenced above (cf. section "Generate a self-signed key with openssl" – amendments / corrections / suggestions here are welcome if there's something wrong included in this documentation section!!). Addition in Keith's attached Word doc re: which bit to extract and send to a Bamboo admin is helpful, but would be more helpful if it directly referenced the steps that the Bamboo admin would take once s/he has received the public X.509, which is also already described on the same page, cf. section "A Bamboo Service Platform administrator places a trusted client's X.509 cert in the proper directory."

What's missing from the Configure Apache Web Server for Client Auth page is still missing from the attached Word doc: what to do on the client side with the self-generated cert. Note that instructions for Poster are given (Configuring Firefox Poster as a test client). What I am hoping to have from Keith is instructions that pertain to a Drupal instance hosted on a Linux box. I think this probably means only a brief HowTo about configuring httpd on such a box, but perhaps Drupal handles its own certs / SSL layer – I just don't know. That's why I didn't attempt to write this section of the documents.

(KH 26 April 2013) We've resolved that the client auth bits are handled in PHP code running within Drupal. Steve is producing documentation based on Bruce Barton's code and Brian Wood's work on Account Services.

(tick) (SJM 29 April 2013) – this task appears complete to SJM


    Grouper Install - Configure - Populate
    https://wikihub.berkeley.edu/display/pbamboo/Grouper+Install+-+Configure+-+Populate

    - See Populating a Bamboo Grouper Instance

(warning) (SJM 29 April 2013) – this task / document is now in SJM's court ... intended to be incorporated in documentation this week



    Maintaining Application Catalog Data for Trusted Clients
    https://wikihub.berkeley.edu/display/pbamboo/Maintaining+Application+Catalog+Data+for+Trusted+Clients

    - See Bamboo Administrator's Guide to Maintaining the Application Catalog

(SJM, 22 April 2013)

The document referenced above was last updated in Aug 2012. Most important, this document refers to local entities in connection with the "App Catalog" data, but AFAIK that is no longer current. [I do not have an instance of Grouper with the current data in it ... should I spend the hour or two re-creating this via re-install and backup so that we can look at the data, or is there still a current instance at arche (if the latter, how can I see it?)?]

(KH, 22 April 2013) A DNS change and an upgrade on my Linode took the arche Grouper instance offline. I can probably get it back without too much trouble. If you were to set one up, would it be accessible to me?

(SJM, 22 April 2013) Keith, if I do this it'll be on my dev box in my cube, no DNS, I suppose it'd be reachable via IP address (which will change on each reboot, or some reboots) if/when I remember to bring it up. Not a very satisfactory solution for the long-term. Let me know what you think, I'm willing if necessary.

(KH, 22 April 2013) A Bamboo Grouper instance on the host formerly known as arche is now available via this URL (the IP address is permanent and I can get a real hostname later): http://50.116.58.238:8480/grouper

(KH, 23 April 2013) This revived instance, now with all data restored, has a new URL: http://arche.elple.net:8480/grouper



From KH e-mail of 23 Oct 2012, thread w/ subject heading "Grouper import/export status, tasks, recipe": The problem with local entities was [...] so now we represent applications as plain old groups and Bob's your uncle.

Also, this draft does not discuss how to add persons to Innovation Licensed Apps (more complicated than it will be when there's a Subject Adapter to the Person Service in place, but I think documentation is necessary to describe current-state now; and to be updated when Subject Adapter is available).

Note that this documentation task is tracked in JIRA IAM-116. If it would be helpful to move this/these notes there, where threading is easier to track, we can do so.

(KH 24 April 2013) Further comments added to JIRA IAM-116.

(SJM 29 April 2013) – this task / document is now in SJM's court ... intended to be incorporated in documentation this week tonight

(tick) (SJM 29 April 2013) – this task / document is now complete, except for review by KH. Note that the section re: adding subjects to the interim Subject DB will be incorporated in the Grouper - Install - Configure - Populate document, not this one.



    Maintaining SAML Metadata that establishes a Trust Federation
    https://wikihub.berkeley.edu/display/pbamboo/Maintaining+SAML+Metadata+that+establishes+a+Trust+Federation

    - See "Bamboo Federation processes for onboarding a new Relying Party or IdP" at https://sites.google.com/a/metazome.info/fed-metadata-howto/

    - See the attached metadata file (cleansed of entities not related to Bamboo): ProjectBambooSaml2Metadata-20130422.xml

(SJM, 22 April 2013) SJM to take next steps on this

NOTE TO STEVE:

  • Review metadata file attached to this page; commit to an appropriate place in the (Sourceforge) svn repo once reviewed
  • KH document Fed Metadata HowTo on Google Sites is shared with steve.masover (not accessible via masover@berkeley.edu Google ID, due to Berkeley silliness)
  • Document referenced in the above Google Sites document is a Word doc attached to IAM-26.
  • All these need to be appropriately combined/referenced in documentation on wikihub, Maintaining SAML Metadata that establishes a Trust Federation

(tick) (SJM 29 April 2013) – this task appears complete to SJM, but the doc could benefit from some very light, pro-forma review by Keith. Note that SAML metadata is now versioned here



    Social/SAML Gateway to enable social media identity provisioning
    https://wikihub.berkeley.edu/pages/viewpage.action?pageId=72418259

    - See attached word doc from U Texas describing the configuration of SimpleSAMLphp to deliver a social2SAML gateway modeled on the U Texas pilot.  A zipped file of the SimpleSAMLphp directories (scrubbed of passwords) is also available on request from Steve Masover or Keith Hazelton.

(error) (SJM, 29 April 2013) Keith, I think we agree that this is not actually complete until:

  1. you've done a PoC pass through the instructions to prove them correct and complete; and,
  2. you've drafted some v. brief contextualizing text referencing the instructions and SimpleSAMLphp directories
  3. you've included in the contextualizing text some verbiage acknowledging that the actual testing during the project, when all the elements of the Trust Federation were in place, was done with a different impl of the Social/SAML GW (you can just sketch in the facts if you like, I'm happy to pretty this up)
  4. you've included in the contextualizing info the instructions on configuration of the gateway to supply an ePPN for every social media IdP trusted to authenticate, as discussed in an extended e-mail thread April 8-10 under the subject heading Checking in on Bamboo documentation (and referenced in my comment of 10 April in this page: https://projectbamboo.atlassian.net/wiki/x/b4Mb)

(KH 29 April 2013) These items will take some time to complete due in part to other obligations and in part to the amount of work involved.

(SJM, 29 April 2013) Acknowledged, Keith, that completion of this item will take a bit more time. We should discuss status before what I recall is your week out of the office scheduled for next week.



    Authentication - Current Limitations and Future Direction
    https://wikihub.berkeley.edu/display/pbamboo/Authentication+-+Current+Limitations+and+Future+Direction

    - Drafted. See https://projectbamboo.atlassian.net/wiki/display/BWSP/Authentication+-+Current+Limitations+and+Future+Direction

(SJM, 22 April 2013) SJM to take next steps on this

KH: This looks like a good start. Let me take the next iteration, and I may come back to you for (low time-impact) review.

(tick) (SJM 29 April 2013) – this task appears complete to SJM



    Client Environment-Tool-Service Integration with Bamboo IAM infrastructure
    https://wikihub.berkeley.edu/display/pbamboo/Client+Environment-Tool-Service+Integration+with+Bamboo+IAM+infrastructure

    - Using the prototype of Drupal-based Account Services as the example

    - See Drupal-based Research Environment with Shibboleth-based User Authentication and Support for Social Provider-based Logins


(SJM, 29 April 2013) Keith, I don't believe this is done yet, am I mistaken?

(KH 29 April 2013) The link above your note is live. The document is ready for review.

(SJM, 29 April 2013) SJM acknowledging ball in SJM's court on this.

(tick) (SJM, 30 April 2013) – this task appears complete to SJM