From asa.openliberty at zenn.net Wed Dec 5 14:45:28 2007 From: asa.openliberty at zenn.net (Asa Hardcastle) Date: Wed, 5 Dec 2007 17:45:28 -0500 Subject: [wsf-dev] ClientLib Dev Call: Dec 6 @ 8am pacific Message-ID: <93D2F684-F493-439D-83D2-4C23E436B6A6@zenn.net> Hi All, We'll be having conference call tomorrow at 8AM Pacific. Please join! On the docket: * revised deliverables/schedule * possible F2F workshop in January in conjunction with the TEG interim at Oracle Call info: US/Canada 866.411.0013, pin 0123586# Outside US/Canada 734.615.7474, pin 0123586# More Call options: http://openliberty.org/wiki/index.php/Main_Page#Developer_Phone_Calls talk tomorrow, asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.openliberty.org/pipermail/wsf-dev_lists.openliberty.org/attachments/20071205/b698fe4f/attachment.html From asa.openliberty at zenn.net Tue Dec 11 07:48:17 2007 From: asa.openliberty at zenn.net (Asa Hardcastle) Date: Tue, 11 Dec 2007 10:48:17 -0500 Subject: [wsf-dev] DST 2.1 / PP 1.1 Message-ID: <91874EFA-0FA7-427A-93A9-01DDF6A659A2@zenn.net> Hi All, I am in the process of implementing some client code for the Liberty Personal Profile service. The schema refers to DST 1.1, yet there is DST 2.1 for ID-WSF 2.0. Does anyone know the differences between DST 1.1 and 2.1? If I want to implement PP 1.1 (id-sis-pp:2005-05) I assume that I will need to follow DST1.1, requiring a partial implementation. Is this true? gracias, asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 From asa.openliberty at zenn.net Mon Dec 17 19:06:20 2007 From: asa.openliberty at zenn.net (Asa Hardcastle) Date: Mon, 17 Dec 2007 22:06:20 -0500 Subject: [wsf-dev] ClientLib Call - 12/20 - 1pm pacific Message-ID: <2E0B6DA8-3F3E-4AFC-8054-6C3C1F25D45D@zenn.net> Hi All, This week we'll be having a ClientLib phone call at 4pm eastern (1pm Pacific). Topics: * Personal Profile Service with DST 2.1 * ID-DAP over DST 2.1 - should we build this service now? * Provisioning Service Client - what does it take, should we implement now? * January IOP testing NOTE: BRIDGE INFO IS DIFFERENT FOR THIS CALL, SINCE IT IS TIED TO THE TIME SLOT +1-866-411-0013 (toll free US/Canada Only), +1-734-615-7474 (non-US/CA Users must use this number - system will not call out), Access code: 0113179# talk to you then! asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 From asa.openliberty at zenn.net Tue Dec 18 18:24:28 2007 From: asa.openliberty at zenn.net (Asa Hardcastle) Date: Tue, 18 Dec 2007 21:24:28 -0500 Subject: [wsf-dev] lu:Status Message-ID: In the idwsf utility v2.0 schema (urn:liberty:util:2006-08) the Status type appears to be defined so that it can have itself as a child element making this a completely legal XML fragment: ... ... and actually: Am I reading this XSD properly? A type that may be used for status codes. A standard Status type If I'm reading this properly, why was this decision made? thanks in advance, asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 From cantor.2 at osu.edu Tue Dec 18 21:39:44 2007 From: cantor.2 at osu.edu (Scott Cantor) Date: Wed, 19 Dec 2007 00:39:44 -0500 Subject: [wsf-dev] lu:Status In-Reply-To: References: Message-ID: <4768AEA0.5040201@osu.edu> Asa Hardcastle wrote: > If I'm reading this properly, why was this decision made? The unbounded cardinality seems a bit odd. SAML's status codes are nested, but only one at a time. There's no material difference between nesting and using sequences of subcodes, and I've never really seen anybody nest them more than one layer deep. It's all moot anyway...security software always sends one generic error code for everything, to prevent information leakage. All the arguments over status structure are kind of ironically stupid in light of that. -- Scott From conor.p.cahill at intel.com Wed Dec 19 03:13:45 2007 From: conor.p.cahill at intel.com (Cahill, Conor P) Date: Wed, 19 Dec 2007 03:13:45 -0800 Subject: [wsf-dev] lu:Status In-Reply-To: References: Message-ID: <1B47D24854C7BC4FA8DA28BEBB59B0BA02C089EB@orsmsx419.amr.corp.intel.com> You are reading this correctly. The reason is to support multi-event status reports for partial success. So the prototypical example would be: The top level status is required to be Success or Failed (or Partial for multi-item transactions). The Second level status is optional. For single item transactions it would contain one status indicating the more detailed failure code. For multi-item transactions it would be as shown above, with a ref or positional link to the respective item in the request. Conor > -----Original Message----- > From: wsf-dev-bounces at lists.openliberty.org [mailto:wsf-dev- > bounces at lists.openliberty.org] On Behalf Of Asa Hardcastle > Sent: Tuesday, December 18, 2007 9:24 PM > To: wsf-dev at lists.openliberty.org > Subject: [wsf-dev] lu:Status > > > In the idwsf utility v2.0 schema (urn:liberty:util:2006-08) the Status > type appears to be defined so that it can have itself as a child > element making this a completely legal XML fragment: > > ... > > > > > ... > > and actually: > > > > > > > > > > > > > > Am I reading this XSD properly? > > > > > > A type that may be used for status codes. > > > > maxOccurs="unbounded"/> > > > use="optional"/> > > > > > > > A standard Status type > > > > > > If I'm reading this properly, why was this decision made? > > > thanks in advance, > > asa > > > > -- > Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib > Tel: +1.413.429.1044 Skype: subsystem7 > > > _______________________________________________ > Wsf-dev mailing list > Wsf-dev at lists.openliberty.org > http://lists.openliberty.org/mailman/listinfo/wsf- > dev_lists.openliberty.org From Jeff.Hodges at neustar.biz Wed Dec 19 10:02:16 2007 From: Jeff.Hodges at neustar.biz (=JeffH) Date: Wed, 19 Dec 2007 10:02:16 -0800 Subject: [wsf-dev] bug in openliberty.org wiki login Message-ID: <47695CA8.4060106@neustar.biz> It isn't obviously clear how to report this, but I'm guessing someone on this list can get it to the right person.. I attempted openid login on.. http://openliberty.org/wiki/index.php/Special:OpenIDLogin ..using "=jeffh", and received this error msg.. Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an insecure random number generator. in /usr/local/lib/php/Auth/OpenID/CryptUtil.php on line 52 =JeffH From eric at projectliberty.org Wed Dec 19 11:14:09 2007 From: eric at projectliberty.org (Eric Tiffany) Date: Wed, 19 Dec 2007 11:14:09 -0800 Subject: [wsf-dev] bug in openliberty.org wiki login In-Reply-To: <47695CA8.4060106@neustar.biz> Message-ID: I have forwarded to the system maintainer. I'm not sure where the OpenID code originates, but I think it came from David Recordon (for use on the Concordia wiki). ET On 12/19/07 10:02 AM, "=JeffH" wrote: > It isn't obviously clear how to report this, but I'm guessing someone on this > list can get it to the right person.. > > I attempted openid login on.. > > http://openliberty.org/wiki/index.php/Special:OpenIDLogin > > ..using "=jeffh", and received this error msg.. > > Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with an > insecure random number generator. in > /usr/local/lib/php/Auth/OpenID/CryptUtil.php on line 52 > > > =JeffH > > > _______________________________________________ > Wsf-dev mailing list > Wsf-dev at lists.openliberty.org > http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org -- ____________________________________________________ Eric Tiffany | eric at projectliberty.org Interop Tech Lead | +1 413-458-3743 Liberty Alliance | +1 413-627-1778 mobile From subs at maerzcompany.com Thu Dec 20 08:04:54 2007 From: subs at maerzcompany.com (Oliver Maerz) Date: Thu, 20 Dec 2007 17:04:54 +0100 Subject: [wsf-dev] bug in openliberty.org wiki login In-Reply-To: <47695CA8.4060106@neustar.biz> References: <47695CA8.4060106@neustar.biz> Message-ID: Sorry for the issues logging in with OpenID. It should work fine, now. -Oliver On 19.12.2007, at 19:02, =JeffH wrote: > It isn't obviously clear how to report this, but I'm guessing > someone on this > list can get it to the right person.. > > I attempted openid login on.. > > http://openliberty.org/wiki/index.php/Special:OpenIDLogin > > ..using "=jeffh", and received this error msg.. > > Fatal error: Define Auth_OpenID_RAND_SOURCE as null to continue with > an > insecure random number generator. in > /usr/local/lib/php/Auth/OpenID/CryptUtil.php on line 52 > > > =JeffH > > > _______________________________________________ > Wsf-dev mailing list > Wsf-dev at lists.openliberty.org > http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org From asa.openliberty at zenn.net Thu Dec 20 17:17:25 2007 From: asa.openliberty at zenn.net (Asa Hardcastle) Date: Thu, 20 Dec 2007 20:17:25 -0500 Subject: [wsf-dev] today's dev call, notes Message-ID: <4F2427BA-B4B7-486A-918F-7E5CEBB5DA25@zenn.net> Hi All, Here is a summary of today's call. Attendees: Brett, Eric, Asa, Curtis 1. Personal Profile Service with DST 2.1 PP is mostly modeled, started with DST 1.1, migrating to DST 2.1. There are currently no known PP service implementations over ID-WSF 2 using DST 2.1, but doing DST 2.1 will have other benefits, such as supporting ID-DAP. PP provides personal information in a trusted web service - currently a hot topic. 2. ID-DAP over DST 2.1 - should we build this service now? ID-DAP specifications are located on the ID-SIS 1.0 specifications page, ID-DAP search in google does not bring up these pages because it is referred to as id-sis-dap. Uses DST 2.1 (backwards compatible with 1.1 but with fewer features). Looks like a fairly straight forward service client to implement. Could test with Symlabs. 3. Provisioning Service Client - what does it take, should we implement now? The plan as of a few weeks ago was to deliver alpha with the "working" service being provisioning. May still get a basic interaction up and running. Conor has put up his server again so that this will be possible. Probably not for Jan 1, however. liberty-iop.org has been renewed (fell out of domain reg. because was held by an old vendor), and now DNS records and listed contacts are being updated. 4. January IOP testing During the TEG meeting at Oracke in Burlington Mass this January we will be doing some light interop testing. Conor has said that he will be there and will test. Looking for others who are interested. Eric (eric Tiffany ) is going to be organizing the IOP. The meeting is the 8th through the 10th of January. We will try to be testing either the 9th/10th or 10th/11th based on everyone's flexibility and participation. That's all for now folks!! asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 From jason.rouault at hp.com Sat Dec 22 06:04:59 2007 From: jason.rouault at hp.com (Rouault, Jason (Security Management)) Date: Sat, 22 Dec 2007 14:04:59 +0000 Subject: [wsf-dev] today's dev call, notes In-Reply-To: <4F2427BA-B4B7-486A-918F-7E5CEBB5DA25@zenn.net> References: <4F2427BA-B4B7-486A-918F-7E5CEBB5DA25@zenn.net> Message-ID: HP as a provisioning service up that we would look at using for #3. Jason -----Original Message----- From: wsf-dev-bounces at lists.openliberty.org [mailto:wsf-dev-bounces at lists.openliberty.org] On Behalf Of Asa Hardcastle Sent: Thursday, December 20, 2007 6:17 PM To: wsf-dev at lists.openliberty.org Subject: [wsf-dev] today's dev call, notes Hi All, Here is a summary of today's call. Attendees: Brett, Eric, Asa, Curtis 1. Personal Profile Service with DST 2.1 PP is mostly modeled, started with DST 1.1, migrating to DST 2.1. There are currently no known PP service implementations over ID-WSF 2 using DST 2.1, but doing DST 2.1 will have other benefits, such as supporting ID-DAP. PP provides personal information in a trusted web service - currently a hot topic. 2. ID-DAP over DST 2.1 - should we build this service now? ID-DAP specifications are located on the ID-SIS 1.0 specifications page, ID-DAP search in google does not bring up these pages because it is referred to as id-sis-dap. Uses DST 2.1 (backwards compatible with 1.1 but with fewer features). Looks like a fairly straight forward service client to implement. Could test with Symlabs. 3. Provisioning Service Client - what does it take, should we implement now? The plan as of a few weeks ago was to deliver alpha with the "working" service being provisioning. May still get a basic interaction up and running. Conor has put up his server again so that this will be possible. Probably not for Jan 1, however. liberty-iop.org has been renewed (fell out of domain reg. because was held by an old vendor), and now DNS records and listed contacts are being updated. 4. January IOP testing During the TEG meeting at Oracke in Burlington Mass this January we will be doing some light interop testing. Conor has said that he will be there and will test. Looking for others who are interested. Eric (eric Tiffany ) is going to be organizing the IOP. The meeting is the 8th through the 10th of January. We will try to be testing either the 9th/10th or 10th/11th based on everyone's flexibility and participation. That's all for now folks!! asa -- Asa Hardcastle, Technical Lead, openLiberty ID-WSF ClientLib Tel: +1.413.429.1044 Skype: subsystem7 _______________________________________________ Wsf-dev mailing list Wsf-dev at lists.openliberty.org http://lists.openliberty.org/mailman/listinfo/wsf-dev_lists.openliberty.org