bodington-developers

[Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

I've updated the testing page:
http://www.bodington.org/wiki/index.php? 
title=TestRel2.8#Shibboleth_Functionality

Good work Atif on the sp module but bod itself just isn't ready to be  
an sp IMHO.

Alistair

Re: [Bodington-developers] SP testing on wiki

[Sean M. <se...@sm...>]

OK.

Thanks, Alistair.

Guys, we need to parse what Alistair has written about the SP and  
IdP. The idea of registering the bod urn is easy. How do we register  
it practically? Is there a cost? Need it be an institution?

On the SP side, Atif, can you fix the things Al has found there,  
including the documentation? We really need the SP to work as a final  
output for GX.

Thanks,
S



On 5 Jul 2006, at 10:38, Alistair Young wrote:

> I've updated the testing page:
> http://www.bodington.org/wiki/index.php?
> title=TestRel2.8#Shibboleth_Functionality
>
> Good work Atif on the sp module but bod itself just isn't ready to be
> an sp IMHO.
>
> Alistair
>
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>

Re: [Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

I've updated the wiki with URLs for registering namespaces

On 5 Jul 2006, at 11:16, Sean Mehan wrote:

> OK.
>
> Thanks, Alistair.
>
> Guys, we need to parse what Alistair has written about the SP and
> IdP. The idea of registering the bod urn is easy. How do we register
> it practically? Is there a cost? Need it be an institution?
>
> On the SP side, Atif, can you fix the things Al has found there,
> including the documentation? We really need the SP to work as a final
> output for GX.
>
> Thanks,
> S
>
>
>
> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>
>> I've updated the testing page:
>> http://www.bodington.org/wiki/index.php?
>> title=TestRel2.8#Shibboleth_Functionality
>>
>> Good work Atif on the sp module but bod itself just isn't ready to be
>> an sp IMHO.
>>
>> Alistair
>>
>>
>> Using Tomcat but need to do more? Need to support web services,
>> security?
>> Get stuff done quickly with pre-integrated technology to make your
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>> Geronimo
>> http://sel.as-us.falkag.net/sel?
>> cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Bodington-developers mailing list
>> Bod...@li...
>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>
>
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers

[Bodington-developers] .eu domain names

[Adam M. <ada...@co...>]

This prompted me to say:

Bodington.eu has not been taken yet, nor has tetraelf.eu

| -----Original Message-----
| From: bod...@li...
| [mailto:bod...@li...] On Behalf Of
| Sean Mehan
| Sent: 05 July 2006 11:17
| To: Bodington developers
| Subject: Re: [Bodington-developers] SP testing on wiki
| 
| OK.
| 
| Thanks, Alistair.
| 
| Guys, we need to parse what Alistair has written about the SP and
| IdP. The idea of registering the bod urn is easy. How do we register
| it practically? Is there a cost? Need it be an institution?
| 
| On the SP side, Atif, can you fix the things Al has found there,
| including the documentation? We really need the SP to work as a final
| output for GX.
| 
| Thanks,
| S
| 
| 
| 
| On 5 Jul 2006, at 10:38, Alistair Young wrote:
| 
| > I've updated the testing page:
| > http://www.bodington.org/wiki/index.php?
| > title=TestRel2.8#Shibboleth_Functionality
| >
| > Good work Atif on the sp module but bod itself just isn't ready to be
| > an sp IMHO.
| >
| > Alistair
| >
| >
| > Using Tomcat but need to do more? Need to support web services,
| > security?
| > Get stuff done quickly with pre-integrated technology to make your
| > job easier
| > Download IBM WebSphere Application Server v.1.0.1 based on Apache
| > Geronimo
| > http://sel.as-us.falkag.net/sel?
| > cmd=lnk&kid=120709&bid=263057&dat=121642
| > _______________________________________________
| > Bodington-developers mailing list
| > Bod...@li...
| > https://lists.sourceforge.net/lists/listinfo/bodington-developers
| >
| 
| 
| Using Tomcat but need to do more? Need to support web services, security?
| Get stuff done quickly with pre-integrated technology to make your job
| easier
| Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
| http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
| _______________________________________________
| Bodington-developers mailing list
| Bod...@li...
| https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Atif S. <BM...@bm...>]

Thanks Alistair for the feedback: 
http://www.bodington.org/wiki/index.php?title=TestRel2.8#Shibboleth_Functionality

Any work on bodington-sp will have to wait until Socket project is 
finished at the end of the month.

Ta
Atif.


Sean Mehan wrote:

>On the SP side, Atif, can you fix the things Al has found there,  
>including the documentation? We really need the SP to work as a final  
>output for GX.
>
>Thanks,
>S
>
>
>
>On 5 Jul 2006, at 10:38, Alistair Young wrote:
>
>  
>
>>I've updated the testing page:
>>http://www.bodington.org/wiki/index.php?
>>title=TestRel2.8#Shibboleth_Functionality
>>
>>Good work Atif on the sp module but bod itself just isn't ready to be
>>an sp IMHO.
>>
>>Alistair
>>
>>
>>
>>.
>>
>>    
>>

Re: [Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

nae probs wee man!

On 5 Jul 2006, at 12:16, Atif Suleman wrote:

> Thanks Alistair for the feedback:
> http://www.bodington.org/wiki/index.php? 
> title=TestRel2.8#Shibboleth_Functionality
>
> Any work on bodington-sp will have to wait until Socket project is
> finished at the end of the month.
>
> Ta
> Atif.
>
>
> Sean Mehan wrote:
>
>> On the SP side, Atif, can you fix the things Al has found there,
>> including the documentation? We really need the SP to work as a final
>> output for GX.
>>
>> Thanks,
>> S
>>
>>
>>
>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>
>>
>>
>>> I've updated the testing page:
>>> http://www.bodington.org/wiki/index.php?
>>> title=TestRel2.8#Shibboleth_Functionality
>>>
>>> Good work Atif on the sp module but bod itself just isn't ready  
>>> to be
>>> an sp IMHO.
>>>
>>> Alistair
>>>
>>>
>>>
>>> .
>>>
>>>
>>>
>
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Sean M. <se...@sm...>]

well, what it does mean is that

1) GX isn't done, still;
2) 2.8 will ship with no SP support unless we delay the 2.8 release  
for an indeterminate amount of time.

If it is the case that we still haven't finished GX (with the SP in  
bod being a component of that), then, I suppose that we are beholden  
to Leeds to find the time for
their current project, which is still giving them money, in order to  
complete a project for which they received all of their money some  
time ago.

As for 2, all things being equal, its a ++2 from me to ship Bod 2.8  
with no SP support.

s


On 5 Jul 2006, at 12:13, Alistair Young wrote:

> nae probs wee man!
>
> On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>
>> Thanks Alistair for the feedback:
>> http://www.bodington.org/wiki/index.php?
>> title=TestRel2.8#Shibboleth_Functionality
>>
>> Any work on bodington-sp will have to wait until Socket project is
>> finished at the end of the month.
>>
>> Ta
>> Atif.
>>
>>
>> Sean Mehan wrote:
>>
>>> On the SP side, Atif, can you fix the things Al has found there,
>>> including the documentation? We really need the SP to work as a  
>>> final
>>> output for GX.
>>>
>>> Thanks,
>>> S
>>>
>>>
>>>
>>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>
>>>
>>>
>>>> I've updated the testing page:
>>>> http://www.bodington.org/wiki/index.php?
>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>
>>>> Good work Atif on the sp module but bod itself just isn't ready
>>>> to be
>>>> an sp IMHO.
>>>>
>>>> Alistair
>>>>
>>>>
>>>>
>>>> .
>>>>
>>>>
>>>>
>>
>>
>> Using Tomcat but need to do more? Need to support web services,
>> security?
>> Get stuff done quickly with pre-integrated technology to make your
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>> Geronimo
>> http://sel.as-us.falkag.net/sel?
>> cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Bodington-developers mailing list
>> Bod...@li...
>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>

Re: [Bodington-developers] SP testing on wiki

[Adam M. <ada...@co...>]

It is a real big shame that bod aint no SP but I gree that we should get it
out. +1

Colin should have by now finished editing the wiki to indicate the status of
bugs (and RFE's that have also crept in during testing).

adam

| -----Original Message-----
| From: bod...@li...
| [mailto:bod...@li...] On Behalf Of
| Sean Mehan
| Sent: 05 July 2006 12:41
| To: Bodington developers
| Subject: Re: [Bodington-developers] SP testing on wiki
| 
| well, what it does mean is that
| 
| 1) GX isn't done, still;
| 2) 2.8 will ship with no SP support unless we delay the 2.8 release
| for an indeterminate amount of time.
| 
| If it is the case that we still haven't finished GX (with the SP in
| bod being a component of that), then, I suppose that we are beholden
| to Leeds to find the time for
| their current project, which is still giving them money, in order to
| complete a project for which they received all of their money some
| time ago.
| 
| As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
| with no SP support.
| 
| s
| 
| 
| On 5 Jul 2006, at 12:13, Alistair Young wrote:
| 
| > nae probs wee man!
| >
| > On 5 Jul 2006, at 12:16, Atif Suleman wrote:
| >
| >> Thanks Alistair for the feedback:
| >> http://www.bodington.org/wiki/index.php?
| >> title=TestRel2.8#Shibboleth_Functionality
| >>
| >> Any work on bodington-sp will have to wait until Socket project is
| >> finished at the end of the month.
| >>
| >> Ta
| >> Atif.
| >>
| >>
| >> Sean Mehan wrote:
| >>
| >>> On the SP side, Atif, can you fix the things Al has found there,
| >>> including the documentation? We really need the SP to work as a
| >>> final
| >>> output for GX.
| >>>
| >>> Thanks,
| >>> S
| >>>
| >>>
| >>>
| >>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
| >>>
| >>>
| >>>
| >>>> I've updated the testing page:
| >>>> http://www.bodington.org/wiki/index.php?
| >>>> title=TestRel2.8#Shibboleth_Functionality
| >>>>
| >>>> Good work Atif on the sp module but bod itself just isn't ready
| >>>> to be
| >>>> an sp IMHO.
| >>>>
| >>>> Alistair
| >>>>
| >>>>
| >>>>
| >>>> .
| >>>>
| >>>>
| >>>>
| >>
| >>
| >> Using Tomcat but need to do more? Need to support web services,
| >> security?
| >> Get stuff done quickly with pre-integrated technology to make your
| >> job easier
| >> Download IBM WebSphere Application Server v.1.0.1 based on Apache
| >> Geronimo
| >> http://sel.as-us.falkag.net/sel?
| >> cmd=lnk&kid=120709&bid=263057&dat=121642
| >> _______________________________________________
| >> Bodington-developers mailing list
| >> Bod...@li...
| >> https://lists.sourceforge.net/lists/listinfo/bodington-developers
| >
| >
| > Using Tomcat but need to do more? Need to support web services,
| > security?
| > Get stuff done quickly with pre-integrated technology to make your
| > job easier
| > Download IBM WebSphere Application Server v.1.0.1 based on Apache
| > Geronimo
| > http://sel.as-us.falkag.net/sel?
| > cmd=lnk&kid=120709&bid=263057&dat=121642
| > _______________________________________________
| > Bodington-developers mailing list
| > Bod...@li...
| > https://lists.sourceforge.net/lists/listinfo/bodington-developers
| >
| 
| 
| Using Tomcat but need to do more? Need to support web services, security?
| Get stuff done quickly with pre-integrated technology to make your job
| easier
| Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
| http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
| _______________________________________________
| Bodington-developers mailing list
| Bod...@li...
| https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Colin T. <col...@ou...>]

Sean Mehan wrote:
> well, what it does mean is that
> 
> 1) GX isn't done, still;
> 2) 2.8 will ship with no SP support unless we delay the 2.8 release  
> for an indeterminate amount of time.

Are the problems with the SP that bad that we remove it for 2.8?
I think the main one is the fact that you can't use the same login route for Shibb and normal Bod 
auth (and the fact that sysadmin has to go via /opensite/). If it's possible to release it with the 
SP stuff turned off, it will work as normal, and if people want to test the SP, they follow some 
short instructions to enable it (and find out that they have to now login via /opensite/ as sysadmin)?

Colin


> If it is the case that we still haven't finished GX (with the SP in  
> bod being a component of that), then, I suppose that we are beholden  
> to Leeds to find the time for
> their current project, which is still giving them money, in order to  
> complete a project for which they received all of their money some  
> time ago.
> 
> As for 2, all things being equal, its a ++2 from me to ship Bod 2.8  
> with no SP support.
> 
> s
> 
> 
> On 5 Jul 2006, at 12:13, Alistair Young wrote:
> 
> 
>>nae probs wee man!
>>
>>On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>
>>
>>>Thanks Alistair for the feedback:
>>>http://www.bodington.org/wiki/index.php?
>>>title=TestRel2.8#Shibboleth_Functionality
>>>
>>>Any work on bodington-sp will have to wait until Socket project is
>>>finished at the end of the month.
>>>
>>>Ta
>>>Atif.
>>>
>>>
>>>Sean Mehan wrote:
>>>
>>>
>>>>On the SP side, Atif, can you fix the things Al has found there,
>>>>including the documentation? We really need the SP to work as a  
>>>>final
>>>>output for GX.
>>>>
>>>>Thanks,
>>>>S
>>>>
>>>>
>>>>
>>>>On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>
>>>>
>>>>
>>>>
>>>>>I've updated the testing page:
>>>>>http://www.bodington.org/wiki/index.php?
>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>
>>>>>Good work Atif on the sp module but bod itself just isn't ready
>>>>>to be
>>>>>an sp IMHO.
>>>>>
>>>>>Alistair
>>>>>
-- 
____________________________________
Colin Tatham
VLE Team
Oxford University Computing Services

http://www.oucs.ox.ac.uk/ltg/vle/
http://bodington.org

Re: [Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

Let me clarify first, that the issue is with bod itself, not with  
what Atif has produced as a shibb module. I suspect the hand of  
politics involved and as we all know, developers are it's servants.

It would seem that local demands have impinged upon the gx philosophy  
of minimal disruption. e.g. the bod IdP runs without normal users'  
knowledge and the SP should do the same. We, the gx project as a  
whole, could have caught this earlier if we'd known about it but we  
didn't so we couldn't. As the gx project is not about custom coding  
to local demands then I would say it's fair to ask Atif or someone  
Leeds can nominate to remove the implications of those local demands  
and bring bod in line with the minimal philosophy.

This means providing a separate shibb route into bod. We've seen it  
before with webauth etc so it's possible and is arguably the way it  
should have been.

As it stands, it's unacceptable to change the way an institution's  
users work just so that a feature of the vle can be tested. When  
opening your vle to shibbed users means inconveniencing your own  
users, then we have failed. It's bad practice and bad publicity that  
will only harm bod in the long run.

The Guanxi and SOCKET projects enjoy a symbiotic relationship so  
let's not disturb that. Instead, let's find a way out of this that is  
benficial to all concerned. Whether that means subcontracting to  
someone who knows enough about bod to implement this is a matter for  
discussion.

Indeed, we know of someone who is currently available and is fresh  
from testing bod and has some shibb knowledge to boot ;)

Alistair


On 5 Jul 2006, at 12:57, Colin Tatham wrote:

> Sean Mehan wrote:
>> well, what it does mean is that
>>
>> 1) GX isn't done, still;
>> 2) 2.8 will ship with no SP support unless we delay the 2.8 release
>> for an indeterminate amount of time.
>
> Are the problems with the SP that bad that we remove it for 2.8?
> I think the main one is the fact that you can't use the same login  
> route for Shibb and normal Bod
> auth (and the fact that sysadmin has to go via /opensite/). If it's  
> possible to release it with the
> SP stuff turned off, it will work as normal, and if people want to  
> test the SP, they follow some
> short instructions to enable it (and find out that they have to now  
> login via /opensite/ as sysadmin)?
>
> Colin
>
>
>> If it is the case that we still haven't finished GX (with the SP in
>> bod being a component of that), then, I suppose that we are beholden
>> to Leeds to find the time for
>> their current project, which is still giving them money, in order to
>> complete a project for which they received all of their money some
>> time ago.
>>
>> As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
>> with no SP support.
>>
>> s
>>
>>
>> On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>
>>
>>> nae probs wee man!
>>>
>>> On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>
>>>
>>>> Thanks Alistair for the feedback:
>>>> http://www.bodington.org/wiki/index.php?
>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>
>>>> Any work on bodington-sp will have to wait until Socket project is
>>>> finished at the end of the month.
>>>>
>>>> Ta
>>>> Atif.
>>>>
>>>>
>>>> Sean Mehan wrote:
>>>>
>>>>
>>>>> On the SP side, Atif, can you fix the things Al has found there,
>>>>> including the documentation? We really need the SP to work as a
>>>>> final
>>>>> output for GX.
>>>>>
>>>>> Thanks,
>>>>> S
>>>>>
>>>>>
>>>>>
>>>>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> I've updated the testing page:
>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>
>>>>>> Good work Atif on the sp module but bod itself just isn't ready
>>>>>> to be
>>>>>> an sp IMHO.
>>>>>>
>>>>>> Alistair
>>>>>>
> -- 
> ____________________________________
> Colin Tatham
> VLE Team
> Oxford University Computing Services
>
> http://www.oucs.ox.ac.uk/ltg/vle/
> http://bodington.org
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Colin T. <col...@ou...>]

Although I agree with most of what you say (I think) it doesn't seem to address what I was 
suggesting/asking? (Maybe it wasn't supposed to :-) )

1) Can the SP bit be turned off by default, or re-configured so that the *Shibb* route is via a 
different URL?
2) Is the SP code already in HEAD?

Although I agree having a different login route for Shibb isn't as good as a Shunnel(!) releasing 
2.8 with different URL Shibb is better than not including it at all, especially if we have to take 
the code out of HEAD?

Colin

Alistair Young wrote:
> Let me clarify first, that the issue is with bod itself, not with  
> what Atif has produced as a shibb module. I suspect the hand of  
> politics involved and as we all know, developers are it's servants.
> 
> It would seem that local demands have impinged upon the gx philosophy  
> of minimal disruption. e.g. the bod IdP runs without normal users'  
> knowledge and the SP should do the same. We, the gx project as a  
> whole, could have caught this earlier if we'd known about it but we  
> didn't so we couldn't. As the gx project is not about custom coding  
> to local demands then I would say it's fair to ask Atif or someone  
> Leeds can nominate to remove the implications of those local demands  
> and bring bod in line with the minimal philosophy.
> 
> This means providing a separate shibb route into bod. We've seen it  
> before with webauth etc so it's possible and is arguably the way it  
> should have been.
> 
> As it stands, it's unacceptable to change the way an institution's  
> users work just so that a feature of the vle can be tested. When  
> opening your vle to shibbed users means inconveniencing your own  
> users, then we have failed. It's bad practice and bad publicity that  
> will only harm bod in the long run.
> 
> The Guanxi and SOCKET projects enjoy a symbiotic relationship so  
> let's not disturb that. Instead, let's find a way out of this that is  
> benficial to all concerned. Whether that means subcontracting to  
> someone who knows enough about bod to implement this is a matter for  
> discussion.
> 
> Indeed, we know of someone who is currently available and is fresh  
> from testing bod and has some shibb knowledge to boot ;)
> 
> Alistair
> 
> 
> On 5 Jul 2006, at 12:57, Colin Tatham wrote:
> 
> 
>>Sean Mehan wrote:
>>
>>>well, what it does mean is that
>>>
>>>1) GX isn't done, still;
>>>2) 2.8 will ship with no SP support unless we delay the 2.8 release
>>>for an indeterminate amount of time.
>>
>>Are the problems with the SP that bad that we remove it for 2.8?
>>I think the main one is the fact that you can't use the same login  
>>route for Shibb and normal Bod
>>auth (and the fact that sysadmin has to go via /opensite/). If it's  
>>possible to release it with the
>>SP stuff turned off, it will work as normal, and if people want to  
>>test the SP, they follow some
>>short instructions to enable it (and find out that they have to now  
>>login via /opensite/ as sysadmin)?
>>
>>Colin
>>
>>
>>
>>>If it is the case that we still haven't finished GX (with the SP in
>>>bod being a component of that), then, I suppose that we are beholden
>>>to Leeds to find the time for
>>>their current project, which is still giving them money, in order to
>>>complete a project for which they received all of their money some
>>>time ago.
>>>
>>>As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
>>>with no SP support.
>>>
>>>s
>>>
>>>
>>>On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>
>>>
>>>
>>>>nae probs wee man!
>>>>
>>>>On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>
>>>>
>>>>
>>>>>Thanks Alistair for the feedback:
>>>>>http://www.bodington.org/wiki/index.php?
>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>
>>>>>Any work on bodington-sp will have to wait until Socket project is
>>>>>finished at the end of the month.
>>>>>
>>>>>Ta
>>>>>Atif.
>>>>>
>>>>>
>>>>>Sean Mehan wrote:
>>>>>
>>>>>
>>>>>
>>>>>>On the SP side, Atif, can you fix the things Al has found there,
>>>>>>including the documentation? We really need the SP to work as a
>>>>>>final
>>>>>>output for GX.
>>>>>>
>>>>>>Thanks,
>>>>>>S
>>>>>>
>>>>>>
>>>>>>
>>>>>>On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>I've updated the testing page:
>>>>>>>http://www.bodington.org/wiki/index.php?
>>>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>>>
>>>>>>>Good work Atif on the sp module but bod itself just isn't ready
>>>>>>>to be
>>>>>>>an sp IMHO.
>>>>>>>
>>>>>>>Alistair
>>>>>>>
>>
>>-- 
>>____________________________________
>>Colin Tatham
>>VLE Team
>>Oxford University Computing Services
>>
>>http://www.oucs.ox.ac.uk/ltg/vle/
>>http://bodington.org
>>
>>Using Tomcat but need to do more? Need to support web services,  
>>security?
>>Get stuff done quickly with pre-integrated technology to make your  
>>job easier
>>Download IBM WebSphere Application Server v.1.0.1 based on Apache  
>>Geronimo
>>http://sel.as-us.falkag.net/sel? 
>>cmd=lnk&kid=120709&bid=263057&dat=121642
>>_______________________________________________
>>Bodington-developers mailing list
>>Bod...@li...
>>https://lists.sourceforge.net/lists/listinfo/bodington-developers
> 
> 
> 
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
> 
> 


-- 
____________________________________
Colin Tatham
VLE Team
Oxford University Computing Services

http://www.oucs.ox.ac.uk/ltg/vle/
http://bodington.org

Re: [Bodington-developers] SP testing on wiki

[Atif S. <BM...@bm...>]

>1) Can the SP bit be turned off by default, or re-configured so that the *Shibb* route is via a 
>different URL?
>
By default it is turned off.

>2) Is the SP code already in HEAD?
>  
>
It's been in head for 5 months.

Ta
Atif.

Re: [Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

> Can the SP bit be turned off by default
it's off by default

> re-configured so that the *Shibb* route is via a
> different URL?
that's what I was talking about - there needs to be some dev work to  
implement the new shibb url

> Is the SP code already in HEAD?
yes

> have to take
> the code out of HEAD?
no

> different login route for Shibb isn't as good as a Shunnel(!)
they're the same! a shunnel (cringe) is just another route into an  
app via shibb. In this case it's a different url, /site/ 
bs_template_shibb_login.html or something.

the issue is that the SP is too "invasive" for normal use. It can't  
be used in a production bod as when it's turned on, all users must  
login via it or via /opensite and when it's turned off they have to  
revert to using the normal login in /site.

The code can stay in head and won't delay 2.8. What will delay 2.8 is  
waiting for a shibb url to be implemented so that bod can be  
advertised as an sp in 2.8

Alistair


On 5 Jul 2006, at 13:58, Colin Tatham wrote:

> Although I agree with most of what you say (I think) it doesn't  
> seem to address what I was
> suggesting/asking? (Maybe it wasn't supposed to :-) )
>
> 1) Can the SP bit be turned off by default, or re-configured so  
> that the *Shibb* route is via a
> different URL?
> 2) Is the SP code already in HEAD?
>
> Although I agree having a different login route for Shibb isn't as  
> good as a Shunnel(!) releasing
> 2.8 with different URL Shibb is better than not including it at  
> all, especially if we have to take
> the code out of HEAD?
>
> Colin
>
> Alistair Young wrote:
>> Let me clarify first, that the issue is with bod itself, not with
>> what Atif has produced as a shibb module. I suspect the hand of
>> politics involved and as we all know, developers are it's servants.
>>
>> It would seem that local demands have impinged upon the gx philosophy
>> of minimal disruption. e.g. the bod IdP runs without normal users'
>> knowledge and the SP should do the same. We, the gx project as a
>> whole, could have caught this earlier if we'd known about it but we
>> didn't so we couldn't. As the gx project is not about custom coding
>> to local demands then I would say it's fair to ask Atif or someone
>> Leeds can nominate to remove the implications of those local demands
>> and bring bod in line with the minimal philosophy.
>>
>> This means providing a separate shibb route into bod. We've seen it
>> before with webauth etc so it's possible and is arguably the way it
>> should have been.
>>
>> As it stands, it's unacceptable to change the way an institution's
>> users work just so that a feature of the vle can be tested. When
>> opening your vle to shibbed users means inconveniencing your own
>> users, then we have failed. It's bad practice and bad publicity that
>> will only harm bod in the long run.
>>
>> The Guanxi and SOCKET projects enjoy a symbiotic relationship so
>> let's not disturb that. Instead, let's find a way out of this that is
>> benficial to all concerned. Whether that means subcontracting to
>> someone who knows enough about bod to implement this is a matter for
>> discussion.
>>
>> Indeed, we know of someone who is currently available and is fresh
>> from testing bod and has some shibb knowledge to boot ;)
>>
>> Alistair
>>
>>
>> On 5 Jul 2006, at 12:57, Colin Tatham wrote:
>>
>>
>>> Sean Mehan wrote:
>>>
>>>> well, what it does mean is that
>>>>
>>>> 1) GX isn't done, still;
>>>> 2) 2.8 will ship with no SP support unless we delay the 2.8 release
>>>> for an indeterminate amount of time.
>>>
>>> Are the problems with the SP that bad that we remove it for 2.8?
>>> I think the main one is the fact that you can't use the same login
>>> route for Shibb and normal Bod
>>> auth (and the fact that sysadmin has to go via /opensite/). If it's
>>> possible to release it with the
>>> SP stuff turned off, it will work as normal, and if people want to
>>> test the SP, they follow some
>>> short instructions to enable it (and find out that they have to now
>>> login via /opensite/ as sysadmin)?
>>>
>>> Colin
>>>
>>>
>>>
>>>> If it is the case that we still haven't finished GX (with the SP in
>>>> bod being a component of that), then, I suppose that we are  
>>>> beholden
>>>> to Leeds to find the time for
>>>> their current project, which is still giving them money, in  
>>>> order to
>>>> complete a project for which they received all of their money some
>>>> time ago.
>>>>
>>>> As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
>>>> with no SP support.
>>>>
>>>> s
>>>>
>>>>
>>>> On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>>
>>>>
>>>>
>>>>> nae probs wee man!
>>>>>
>>>>> On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Thanks Alistair for the feedback:
>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>
>>>>>> Any work on bodington-sp will have to wait until Socket  
>>>>>> project is
>>>>>> finished at the end of the month.
>>>>>>
>>>>>> Ta
>>>>>> Atif.
>>>>>>
>>>>>>
>>>>>> Sean Mehan wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On the SP side, Atif, can you fix the things Al has found there,
>>>>>>> including the documentation? We really need the SP to work as a
>>>>>>> final
>>>>>>> output for GX.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> S
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> I've updated the testing page:
>>>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>>>
>>>>>>>> Good work Atif on the sp module but bod itself just isn't ready
>>>>>>>> to be
>>>>>>>> an sp IMHO.
>>>>>>>>
>>>>>>>> Alistair
>>>>>>>>
>>>
>>> -- 
>>> ____________________________________
>>> Colin Tatham
>>> VLE Team
>>> Oxford University Computing Services
>>>
>>> http://www.oucs.ox.ac.uk/ltg/vle/
>>> http://bodington.org
>>>
>>> Using Tomcat but need to do more? Need to support web services,
>>> security?
>>> Get stuff done quickly with pre-integrated technology to make your
>>> job easier
>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>>> Geronimo
>>> http://sel.as-us.falkag.net/sel?
>>> cmd=lnk&kid=120709&bid=263057&dat=121642
>>> _______________________________________________
>>> Bodington-developers mailing list
>>> Bod...@li...
>>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>
>>
>>
>> Using Tomcat but need to do more? Need to support web services,  
>> security?
>> Get stuff done quickly with pre-integrated technology to make your  
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
>> Geronimo
>> http://sel.as-us.falkag.net/sel? 
>> cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Bodington-developers mailing list
>> Bod...@li...
>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>
>>
>
>
> -- 
> ____________________________________
> Colin Tatham
> VLE Team
> Oxford University Computing Services
>
> http://www.oucs.ox.ac.uk/ltg/vle/
> http://bodington.org
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Colin T. <col...@ou...>]

Alistair Young wrote:
>>different login route for Shibb isn't as good as a Shunnel(!)
> 
> they're the same! a shunnel (cringe) is just another route into an  
> app via shibb. In this case it's a different url, /site/ 
> bs_template_shibb_login.html or something.

I thought a shunnel (AY cringes) was a single page where users have to choose the login method, i.e. 
at the *same* URL as any other login point...

> the issue is that the SP is too "invasive" for normal use. It can't  
> be used in a production bod as when it's turned on, all users must  
> login via it or via /opensite and when it's turned off they have to  
> revert to using the normal login in /site.

Yes, I understand that, but why is it so much work to change that behaviour, so that normal users 
login via /site/ and Shibb users via /xyz/? Then, whether it's turned on or off makes no diff to 
normal users...

> The code can stay in head and won't delay 2.8.

OK, I though someone had suggested that it had to be removed...

> What will delay 2.8 is  
> waiting for a shibb url to be implemented so that bod can be  
> advertised as an sp in 2.8
> 
> Alistair
> 
> 
> On 5 Jul 2006, at 13:58, Colin Tatham wrote:
> 
> 
>>Although I agree with most of what you say (I think) it doesn't  
>>seem to address what I was
>>suggesting/asking? (Maybe it wasn't supposed to :-) )
>>
>>1) Can the SP bit be turned off by default, or re-configured so  
>>that the *Shibb* route is via a
>>different URL?
>>2) Is the SP code already in HEAD?
>>
>>Although I agree having a different login route for Shibb isn't as  
>>good as a Shunnel(!) releasing
>>2.8 with different URL Shibb is better than not including it at  
>>all, especially if we have to take
>>the code out of HEAD?
>>
>>Colin
>>
>>Alistair Young wrote:
>>
>>>Let me clarify first, that the issue is with bod itself, not with
>>>what Atif has produced as a shibb module. I suspect the hand of
>>>politics involved and as we all know, developers are it's servants.
>>>
>>>It would seem that local demands have impinged upon the gx philosophy
>>>of minimal disruption. e.g. the bod IdP runs without normal users'
>>>knowledge and the SP should do the same. We, the gx project as a
>>>whole, could have caught this earlier if we'd known about it but we
>>>didn't so we couldn't. As the gx project is not about custom coding
>>>to local demands then I would say it's fair to ask Atif or someone
>>>Leeds can nominate to remove the implications of those local demands
>>>and bring bod in line with the minimal philosophy.
>>>
>>>This means providing a separate shibb route into bod. We've seen it
>>>before with webauth etc so it's possible and is arguably the way it
>>>should have been.
>>>
>>>As it stands, it's unacceptable to change the way an institution's
>>>users work just so that a feature of the vle can be tested. When
>>>opening your vle to shibbed users means inconveniencing your own
>>>users, then we have failed. It's bad practice and bad publicity that
>>>will only harm bod in the long run.
>>>
>>>The Guanxi and SOCKET projects enjoy a symbiotic relationship so
>>>let's not disturb that. Instead, let's find a way out of this that is
>>>benficial to all concerned. Whether that means subcontracting to
>>>someone who knows enough about bod to implement this is a matter for
>>>discussion.
>>>
>>>Indeed, we know of someone who is currently available and is fresh
>>>from testing bod and has some shibb knowledge to boot ;)
>>>
>>>Alistair
>>>
>>>
>>>On 5 Jul 2006, at 12:57, Colin Tatham wrote:
>>>
>>>
>>>
>>>>Sean Mehan wrote:
>>>>
>>>>
>>>>>well, what it does mean is that
>>>>>
>>>>>1) GX isn't done, still;
>>>>>2) 2.8 will ship with no SP support unless we delay the 2.8 release
>>>>>for an indeterminate amount of time.
>>>>
>>>>Are the problems with the SP that bad that we remove it for 2.8?
>>>>I think the main one is the fact that you can't use the same login
>>>>route for Shibb and normal Bod
>>>>auth (and the fact that sysadmin has to go via /opensite/). If it's
>>>>possible to release it with the
>>>>SP stuff turned off, it will work as normal, and if people want to
>>>>test the SP, they follow some
>>>>short instructions to enable it (and find out that they have to now
>>>>login via /opensite/ as sysadmin)?
>>>>
>>>>Colin
>>>>
>>>>
>>>>
>>>>
>>>>>If it is the case that we still haven't finished GX (with the SP in
>>>>>bod being a component of that), then, I suppose that we are  
>>>>>beholden
>>>>>to Leeds to find the time for
>>>>>their current project, which is still giving them money, in  
>>>>>order to
>>>>>complete a project for which they received all of their money some
>>>>>time ago.
>>>>>
>>>>>As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
>>>>>with no SP support.
>>>>>
>>>>>s
>>>>>
>>>>>
>>>>>On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>nae probs wee man!
>>>>>>
>>>>>>On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Thanks Alistair for the feedback:
>>>>>>>http://www.bodington.org/wiki/index.php?
>>>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>>>
>>>>>>>Any work on bodington-sp will have to wait until Socket  
>>>>>>>project is
>>>>>>>finished at the end of the month.
>>>>>>>
>>>>>>>Ta
>>>>>>>Atif.
>>>>>>>
>>>>>>>
>>>>>>>Sean Mehan wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>On the SP side, Atif, can you fix the things Al has found there,
>>>>>>>>including the documentation? We really need the SP to work as a
>>>>>>>>final
>>>>>>>>output for GX.
>>>>>>>>
>>>>>>>>Thanks,
>>>>>>>>S
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>I've updated the testing page:
>>>>>>>>>http://www.bodington.org/wiki/index.php?
>>>>>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>>>>>
>>>>>>>>>Good work Atif on the sp module but bod itself just isn't ready
>>>>>>>>>to be
>>>>>>>>>an sp IMHO.
>>>>>>>>>
>>>>>>>>>Alistair
>>>>>>>>>
>>>>
>>>>-- 
>>>>____________________________________
>>>>Colin Tatham
>>>>VLE Team
>>>>Oxford University Computing Services
>>>>
>>>>http://www.oucs.ox.ac.uk/ltg/vle/
>>>>http://bodington.org
-- 
____________________________________
Colin Tatham
VLE Team
Oxford University Computing Services

http://www.oucs.ox.ac.uk/ltg/vle/
http://bodington.org

Re: [Bodington-developers] SP testing on wiki

[Atif S. <BM...@bm...>]

Colin Tatham wrote:

>
>..... change that behaviour, so that normal users login via /site/ and Shibb users via /xyz/?                                          Then, whether it's turned on or off makes no diff to normal users...
>  
>
It's very simple to do. Add the following into bodington web.xml:

<filter-mapping>
        <filter-name>Guanxi Resource Guard</filter-name>
         <url-pattern>/spsite/*</url-pattern>
</filter-mapping>

<servlet-mapping>
        <servlet-name>building</servlet-name>
        <url-pattern>/spsite/*</url-pattern>
</servlet-mapping>

Ta
Atif.

Re: [Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

> why is it so much work to change that behaviour, so that normal users
> login via /site/ and Shibb users via /xyz/?
spot on - that's the goal, shibb users go in via /xyz - I can't say  
how much work that is but until it's there bod can't be advertised as  
an sp. Taking over the /site for shibb users and shunting normal  
users to /opensite is not going to go down well with the bod community.

Alistair


On 5 Jul 2006, at 14:24, Colin Tatham wrote:

> Alistair Young wrote:
>>> different login route for Shibb isn't as good as a Shunnel(!)
>>
>> they're the same! a shunnel (cringe) is just another route into an
>> app via shibb. In this case it's a different url, /site/
>> bs_template_shibb_login.html or something.
>
> I thought a shunnel (AY cringes) was a single page where users have  
> to choose the login method, i.e.
> at the *same* URL as any other login point...
>
>> the issue is that the SP is too "invasive" for normal use. It can't
>> be used in a production bod as when it's turned on, all users must
>> login via it or via /opensite and when it's turned off they have to
>> revert to using the normal login in /site.
>
> Yes, I understand that, but why is it so much work to change that  
> behaviour, so that normal users
> login via /site/ and Shibb users via /xyz/? Then, whether it's  
> turned on or off makes no diff to
> normal users...
>
>> The code can stay in head and won't delay 2.8.
>
> OK, I though someone had suggested that it had to be removed...
>
>> What will delay 2.8 is
>> waiting for a shibb url to be implemented so that bod can be
>> advertised as an sp in 2.8
>>
>> Alistair
>>
>>
>> On 5 Jul 2006, at 13:58, Colin Tatham wrote:
>>
>>
>>> Although I agree with most of what you say (I think) it doesn't
>>> seem to address what I was
>>> suggesting/asking? (Maybe it wasn't supposed to :-) )
>>>
>>> 1) Can the SP bit be turned off by default, or re-configured so
>>> that the *Shibb* route is via a
>>> different URL?
>>> 2) Is the SP code already in HEAD?
>>>
>>> Although I agree having a different login route for Shibb isn't as
>>> good as a Shunnel(!) releasing
>>> 2.8 with different URL Shibb is better than not including it at
>>> all, especially if we have to take
>>> the code out of HEAD?
>>>
>>> Colin
>>>
>>> Alistair Young wrote:
>>>
>>>> Let me clarify first, that the issue is with bod itself, not with
>>>> what Atif has produced as a shibb module. I suspect the hand of
>>>> politics involved and as we all know, developers are it's servants.
>>>>
>>>> It would seem that local demands have impinged upon the gx  
>>>> philosophy
>>>> of minimal disruption. e.g. the bod IdP runs without normal users'
>>>> knowledge and the SP should do the same. We, the gx project as a
>>>> whole, could have caught this earlier if we'd known about it but we
>>>> didn't so we couldn't. As the gx project is not about custom coding
>>>> to local demands then I would say it's fair to ask Atif or someone
>>>> Leeds can nominate to remove the implications of those local  
>>>> demands
>>>> and bring bod in line with the minimal philosophy.
>>>>
>>>> This means providing a separate shibb route into bod. We've seen it
>>>> before with webauth etc so it's possible and is arguably the way it
>>>> should have been.
>>>>
>>>> As it stands, it's unacceptable to change the way an institution's
>>>> users work just so that a feature of the vle can be tested. When
>>>> opening your vle to shibbed users means inconveniencing your own
>>>> users, then we have failed. It's bad practice and bad publicity  
>>>> that
>>>> will only harm bod in the long run.
>>>>
>>>> The Guanxi and SOCKET projects enjoy a symbiotic relationship so
>>>> let's not disturb that. Instead, let's find a way out of this  
>>>> that is
>>>> benficial to all concerned. Whether that means subcontracting to
>>>> someone who knows enough about bod to implement this is a matter  
>>>> for
>>>> discussion.
>>>>
>>>> Indeed, we know of someone who is currently available and is fresh
>>>> from testing bod and has some shibb knowledge to boot ;)
>>>>
>>>> Alistair
>>>>
>>>>
>>>> On 5 Jul 2006, at 12:57, Colin Tatham wrote:
>>>>
>>>>
>>>>
>>>>> Sean Mehan wrote:
>>>>>
>>>>>
>>>>>> well, what it does mean is that
>>>>>>
>>>>>> 1) GX isn't done, still;
>>>>>> 2) 2.8 will ship with no SP support unless we delay the 2.8  
>>>>>> release
>>>>>> for an indeterminate amount of time.
>>>>>
>>>>> Are the problems with the SP that bad that we remove it for 2.8?
>>>>> I think the main one is the fact that you can't use the same login
>>>>> route for Shibb and normal Bod
>>>>> auth (and the fact that sysadmin has to go via /opensite/). If  
>>>>> it's
>>>>> possible to release it with the
>>>>> SP stuff turned off, it will work as normal, and if people want to
>>>>> test the SP, they follow some
>>>>> short instructions to enable it (and find out that they have to  
>>>>> now
>>>>> login via /opensite/ as sysadmin)?
>>>>>
>>>>> Colin
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>> If it is the case that we still haven't finished GX (with the  
>>>>>> SP in
>>>>>> bod being a component of that), then, I suppose that we are
>>>>>> beholden
>>>>>> to Leeds to find the time for
>>>>>> their current project, which is still giving them money, in
>>>>>> order to
>>>>>> complete a project for which they received all of their money  
>>>>>> some
>>>>>> time ago.
>>>>>>
>>>>>> As for 2, all things being equal, its a ++2 from me to ship  
>>>>>> Bod 2.8
>>>>>> with no SP support.
>>>>>>
>>>>>> s
>>>>>>
>>>>>>
>>>>>> On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> nae probs wee man!
>>>>>>>
>>>>>>> On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Thanks Alistair for the feedback:
>>>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>>>
>>>>>>>> Any work on bodington-sp will have to wait until Socket
>>>>>>>> project is
>>>>>>>> finished at the end of the month.
>>>>>>>>
>>>>>>>> Ta
>>>>>>>> Atif.
>>>>>>>>
>>>>>>>>
>>>>>>>> Sean Mehan wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> On the SP side, Atif, can you fix the things Al has found  
>>>>>>>>> there,
>>>>>>>>> including the documentation? We really need the SP to work  
>>>>>>>>> as a
>>>>>>>>> final
>>>>>>>>> output for GX.
>>>>>>>>>
>>>>>>>>> Thanks,
>>>>>>>>> S
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> I've updated the testing page:
>>>>>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>>>>>
>>>>>>>>>> Good work Atif on the sp module but bod itself just isn't  
>>>>>>>>>> ready
>>>>>>>>>> to be
>>>>>>>>>> an sp IMHO.
>>>>>>>>>>
>>>>>>>>>> Alistair
>>>>>>>>>>
>>>>>
>>>>> -- 
>>>>> ____________________________________
>>>>> Colin Tatham
>>>>> VLE Team
>>>>> Oxford University Computing Services
>>>>>
>>>>> http://www.oucs.ox.ac.uk/ltg/vle/
>>>>> http://bodington.org
> -- 
> ____________________________________
> Colin Tatham
> VLE Team
> Oxford University Computing Services
>
> http://www.oucs.ox.ac.uk/ltg/vle/
> http://bodington.org
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Sean M. <se...@sm...>]

well, we are pretty much the bod community, minus any lurkers who are
using it without our knowledge. Who knows. Seems there are Danes using GX
in anger without telling us, so it is possible.


However, it is not right to do somethign retrograde in terms of ease of
use, functionality, etc.

It needs to be right on principle or we abandon the concept of community
source in bod.....

s


<quote who=3D"Alistair Young">
>> why is it so much work to change that behaviour, so that normal users
>> login via /site/ and Shibb users via /xyz/?
> spot on - that's the goal, shibb users go in via /xyz - I can't say
> how much work that is but until it's there bod can't be advertised as
> an sp. Taking over the /site for shibb users and shunting normal
> users to /opensite is not going to go down well with the bod community.
>
> Alistair
>
>
> On 5 Jul 2006, at 14:24, Colin Tatham wrote:
>
>> Alistair Young wrote:
>>>> different login route for Shibb isn't as good as a Shunnel(!)
>>>
>>> they're the same! a shunnel (cringe) is just another route into an
>>> app via shibb. In this case it's a different url, /site/
>>> bs_template_shibb_login.html or something.
>>
>> I thought a shunnel (AY cringes) was a single page where users have
>> to choose the login method, i.e.
>> at the *same* URL as any other login point...
>>
>>> the issue is that the SP is too "invasive" for normal use. It can't
>>> be used in a production bod as when it's turned on, all users must
>>> login via it or via /opensite and when it's turned off they have to
>>> revert to using the normal login in /site.
>>
>> Yes, I understand that, but why is it so much work to change that
>> behaviour, so that normal users
>> login via /site/ and Shibb users via /xyz/? Then, whether it's
>> turned on or off makes no diff to
>> normal users...
>>
>>> The code can stay in head and won't delay 2.8.
>>
>> OK, I though someone had suggested that it had to be removed...
>>
>>> What will delay 2.8 is
>>> waiting for a shibb url to be implemented so that bod can be
>>> advertised as an sp in 2.8
>>>
>>> Alistair
>>>
>>>
>>> On 5 Jul 2006, at 13:58, Colin Tatham wrote:
>>>
>>>
>>>> Although I agree with most of what you say (I think) it doesn't
>>>> seem to address what I was
>>>> suggesting/asking? (Maybe it wasn't supposed to :-) )
>>>>
>>>> 1) Can the SP bit be turned off by default, or re-configured so
>>>> that the *Shibb* route is via a
>>>> different URL?
>>>> 2) Is the SP code already in HEAD?
>>>>
>>>> Although I agree having a different login route for Shibb isn't as
>>>> good as a Shunnel(!) releasing
>>>> 2.8 with different URL Shibb is better than not including it at
>>>> all, especially if we have to take
>>>> the code out of HEAD?
>>>>
>>>> Colin
>>>>
>>>> Alistair Young wrote:
>>>>
>>>>> Let me clarify first, that the issue is with bod itself, not with
>>>>> what Atif has produced as a shibb module. I suspect the hand of
>>>>> politics involved and as we all know, developers are it's servants.
>>>>>
>>>>> It would seem that local demands have impinged upon the gx
>>>>> philosophy
>>>>> of minimal disruption. e.g. the bod IdP runs without normal users'
>>>>> knowledge and the SP should do the same. We, the gx project as a
>>>>> whole, could have caught this earlier if we'd known about it but we
>>>>> didn't so we couldn't. As the gx project is not about custom coding
>>>>> to local demands then I would say it's fair to ask Atif or someone
>>>>> Leeds can nominate to remove the implications of those local
>>>>> demands
>>>>> and bring bod in line with the minimal philosophy.
>>>>>
>>>>> This means providing a separate shibb route into bod. We've seen it
>>>>> before with webauth etc so it's possible and is arguably the way it
>>>>> should have been.
>>>>>
>>>>> As it stands, it's unacceptable to change the way an institution's
>>>>> users work just so that a feature of the vle can be tested. When
>>>>> opening your vle to shibbed users means inconveniencing your own
>>>>> users, then we have failed. It's bad practice and bad publicity
>>>>> that
>>>>> will only harm bod in the long run.
>>>>>
>>>>> The Guanxi and SOCKET projects enjoy a symbiotic relationship so
>>>>> let's not disturb that. Instead, let's find a way out of this
>>>>> that is
>>>>> benficial to all concerned. Whether that means subcontracting to
>>>>> someone who knows enough about bod to implement this is a matter
>>>>> for
>>>>> discussion.
>>>>>
>>>>> Indeed, we know of someone who is currently available and is fresh
>>>>> from testing bod and has some shibb knowledge to boot ;)
>>>>>
>>>>> Alistair
>>>>>
>>>>>
>>>>> On 5 Jul 2006, at 12:57, Colin Tatham wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Sean Mehan wrote:
>>>>>>
>>>>>>
>>>>>>> well, what it does mean is that
>>>>>>>
>>>>>>> 1) GX isn't done, still;
>>>>>>> 2) 2.8 will ship with no SP support unless we delay the 2.8
>>>>>>> release
>>>>>>> for an indeterminate amount of time.
>>>>>>
>>>>>> Are the problems with the SP that bad that we remove it for 2.8?
>>>>>> I think the main one is the fact that you can't use the same login
>>>>>> route for Shibb and normal Bod
>>>>>> auth (and the fact that sysadmin has to go via /opensite/). If
>>>>>> it's
>>>>>> possible to release it with the
>>>>>> SP stuff turned off, it will work as normal, and if people want to
>>>>>> test the SP, they follow some
>>>>>> short instructions to enable it (and find out that they have to
>>>>>> now
>>>>>> login via /opensite/ as sysadmin)?
>>>>>>
>>>>>> Colin
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>> If it is the case that we still haven't finished GX (with the
>>>>>>> SP in
>>>>>>> bod being a component of that), then, I suppose that we are
>>>>>>> beholden
>>>>>>> to Leeds to find the time for
>>>>>>> their current project, which is still giving them money, in
>>>>>>> order to
>>>>>>> complete a project for which they received all of their money
>>>>>>> some
>>>>>>> time ago.
>>>>>>>
>>>>>>> As for 2, all things being equal, its a ++2 from me to ship
>>>>>>> Bod 2.8
>>>>>>> with no SP support.
>>>>>>>
>>>>>>> s
>>>>>>>
>>>>>>>
>>>>>>> On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> nae probs wee man!
>>>>>>>>
>>>>>>>> On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>> Thanks Alistair for the feedback:
>>>>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>>>>> title=3DTestRel2.8#Shibboleth_Functionality
>>>>>>>>>
>>>>>>>>> Any work on bodington-sp will have to wait until Socket
>>>>>>>>> project is
>>>>>>>>> finished at the end of the month.
>>>>>>>>>
>>>>>>>>> Ta
>>>>>>>>> Atif.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Sean Mehan wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> On the SP side, Atif, can you fix the things Al has found
>>>>>>>>>> there,
>>>>>>>>>> including the documentation? We really need the SP to work
>>>>>>>>>> as a
>>>>>>>>>> final
>>>>>>>>>> output for GX.
>>>>>>>>>>
>>>>>>>>>> Thanks,
>>>>>>>>>> S
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>> I've updated the testing page:
>>>>>>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>>>>>>> title=3DTestRel2.8#Shibboleth_Functionality
>>>>>>>>>>>
>>>>>>>>>>> Good work Atif on the sp module but bod itself just isn't
>>>>>>>>>>> ready
>>>>>>>>>>> to be
>>>>>>>>>>> an sp IMHO.
>>>>>>>>>>>
>>>>>>>>>>> Alistair
>>>>>>>>>>>
>>>>>>
>>>>>> --
>>>>>> ____________________________________
>>>>>> Colin Tatham
>>>>>> VLE Team
>>>>>> Oxford University Computing Services
>>>>>>
>>>>>> http://www.oucs.ox.ac.uk/ltg/vle/
>>>>>> http://bodington.org
>> --
>> ____________________________________
>> Colin Tatham
>> VLE Team
>> Oxford University Computing Services
>>
>> http://www.oucs.ox.ac.uk/ltg/vle/
>> http://bodington.org
>>
>> Using Tomcat but need to do more? Need to support web services,
>> security?
>> Get stuff done quickly with pre-integrated technology to make your
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>> Geronimo
>> http://sel.as-us.falkag.net/sel?
>> cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=3D121642
>> _______________________________________________
>> Bodington-developers mailing list
>> Bod...@li...
>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>
>
> Using Tomcat but need to do more? Need to support web services, securit=
y?
> Get stuff done quickly with pre-integrated technology to make your job
> easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geron=
imo
> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat=
=3D121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>


--=20
Sean Mehan
Head of e-Frameworks
Learning and Information Services
UHI

Re: [Bodington-developers] SP testing on wiki

[Sean M. <se...@sm...>]

Err, Colin, it doesn't need to come out of head, it merely comes out  
of the branch when we split the code.


s


On 5 Jul 2006, at 13:58, Colin Tatham wrote:

> Although I agree with most of what you say (I think) it doesn't  
> seem to address what I was
> suggesting/asking? (Maybe it wasn't supposed to :-) )
>
> 1) Can the SP bit be turned off by default, or re-configured so  
> that the *Shibb* route is via a
> different URL?
> 2) Is the SP code already in HEAD?
>
> Although I agree having a different login route for Shibb isn't as  
> good as a Shunnel(!) releasing
> 2.8 with different URL Shibb is better than not including it at  
> all, especially if we have to take
> the code out of HEAD?
>
> Colin
>
> Alistair Young wrote:
>> Let me clarify first, that the issue is with bod itself, not with
>> what Atif has produced as a shibb module. I suspect the hand of
>> politics involved and as we all know, developers are it's servants.
>>
>> It would seem that local demands have impinged upon the gx philosophy
>> of minimal disruption. e.g. the bod IdP runs without normal users'
>> knowledge and the SP should do the same. We, the gx project as a
>> whole, could have caught this earlier if we'd known about it but we
>> didn't so we couldn't. As the gx project is not about custom coding
>> to local demands then I would say it's fair to ask Atif or someone
>> Leeds can nominate to remove the implications of those local demands
>> and bring bod in line with the minimal philosophy.
>>
>> This means providing a separate shibb route into bod. We've seen it
>> before with webauth etc so it's possible and is arguably the way it
>> should have been.
>>
>> As it stands, it's unacceptable to change the way an institution's
>> users work just so that a feature of the vle can be tested. When
>> opening your vle to shibbed users means inconveniencing your own
>> users, then we have failed. It's bad practice and bad publicity that
>> will only harm bod in the long run.
>>
>> The Guanxi and SOCKET projects enjoy a symbiotic relationship so
>> let's not disturb that. Instead, let's find a way out of this that is
>> benficial to all concerned. Whether that means subcontracting to
>> someone who knows enough about bod to implement this is a matter for
>> discussion.
>>
>> Indeed, we know of someone who is currently available and is fresh
>> from testing bod and has some shibb knowledge to boot ;)
>>
>> Alistair
>>
>>
>> On 5 Jul 2006, at 12:57, Colin Tatham wrote:
>>
>>
>>> Sean Mehan wrote:
>>>
>>>> well, what it does mean is that
>>>>
>>>> 1) GX isn't done, still;
>>>> 2) 2.8 will ship with no SP support unless we delay the 2.8 release
>>>> for an indeterminate amount of time.
>>>
>>> Are the problems with the SP that bad that we remove it for 2.8?
>>> I think the main one is the fact that you can't use the same login
>>> route for Shibb and normal Bod
>>> auth (and the fact that sysadmin has to go via /opensite/). If it's
>>> possible to release it with the
>>> SP stuff turned off, it will work as normal, and if people want to
>>> test the SP, they follow some
>>> short instructions to enable it (and find out that they have to now
>>> login via /opensite/ as sysadmin)?
>>>
>>> Colin
>>>
>>>
>>>
>>>> If it is the case that we still haven't finished GX (with the SP in
>>>> bod being a component of that), then, I suppose that we are  
>>>> beholden
>>>> to Leeds to find the time for
>>>> their current project, which is still giving them money, in  
>>>> order to
>>>> complete a project for which they received all of their money some
>>>> time ago.
>>>>
>>>> As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
>>>> with no SP support.
>>>>
>>>> s
>>>>
>>>>
>>>> On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>>
>>>>
>>>>
>>>>> nae probs wee man!
>>>>>
>>>>> On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>>
>>>>>
>>>>>
>>>>>> Thanks Alistair for the feedback:
>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>
>>>>>> Any work on bodington-sp will have to wait until Socket  
>>>>>> project is
>>>>>> finished at the end of the month.
>>>>>>
>>>>>> Ta
>>>>>> Atif.
>>>>>>
>>>>>>
>>>>>> Sean Mehan wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> On the SP side, Atif, can you fix the things Al has found there,
>>>>>>> including the documentation? We really need the SP to work as a
>>>>>>> final
>>>>>>> output for GX.
>>>>>>>
>>>>>>> Thanks,
>>>>>>> S
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> I've updated the testing page:
>>>>>>>> http://www.bodington.org/wiki/index.php?
>>>>>>>> title=TestRel2.8#Shibboleth_Functionality
>>>>>>>>
>>>>>>>> Good work Atif on the sp module but bod itself just isn't ready
>>>>>>>> to be
>>>>>>>> an sp IMHO.
>>>>>>>>
>>>>>>>> Alistair
>>>>>>>>
>>>
>>> -- 
>>> ____________________________________
>>> Colin Tatham
>>> VLE Team
>>> Oxford University Computing Services
>>>
>>> http://www.oucs.ox.ac.uk/ltg/vle/
>>> http://bodington.org
>>>
>>> Using Tomcat but need to do more? Need to support web services,
>>> security?
>>> Get stuff done quickly with pre-integrated technology to make your
>>> job easier
>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>>> Geronimo
>>> http://sel.as-us.falkag.net/sel?
>>> cmd=lnk&kid=120709&bid=263057&dat=121642
>>> _______________________________________________
>>> Bodington-developers mailing list
>>> Bod...@li...
>>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>
>>
>>
>> Using Tomcat but need to do more? Need to support web services,  
>> security?
>> Get stuff done quickly with pre-integrated technology to make your  
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
>> Geronimo
>> http://sel.as-us.falkag.net/sel? 
>> cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Bodington-developers mailing list
>> Bod...@li...
>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>
>>
>
>
> -- 
> ____________________________________
> Colin Tatham
> VLE Team
> Oxford University Computing Services
>
> http://www.oucs.ox.ac.uk/ltg/vle/
> http://bodington.org
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>

Re: [Bodington-developers] SP testing on wiki

[Colin T. <col...@ou...>]

Sean Mehan wrote:
> Err, Colin, it doesn't need to come out of head, it merely comes out  
> of the branch when we split the code.

OK, but you're saying someone has to take it out then?
My point is that if we're going to take it out, we might as well fix it, but that depends on how 
much work it would be to get something that Alistair thinks would be acceptable (doesn't sound like 
a lot to me...)

Either way, doesn't actually bother/affect me, just thought that it's not that broke (although 
Alistair's points are valid).

Colin


> On 5 Jul 2006, at 13:58, Colin Tatham wrote:
> 
> 
>>Although I agree with most of what you say (I think) it doesn't  
>>seem to address what I was
>>suggesting/asking? (Maybe it wasn't supposed to :-) )
>>
>>1) Can the SP bit be turned off by default, or re-configured so  
>>that the *Shibb* route is via a
>>different URL?
>>2) Is the SP code already in HEAD?
>>
>>Although I agree having a different login route for Shibb isn't as  
>>good as a Shunnel(!) releasing
>>2.8 with different URL Shibb is better than not including it at  
>>all, especially if we have to take
>>the code out of HEAD?
>>
>>Colin
>>
>>Alistair Young wrote:
>>
>>>Let me clarify first, that the issue is with bod itself, not with
>>>what Atif has produced as a shibb module. I suspect the hand of
>>>politics involved and as we all know, developers are it's servants.
>>>
>>>It would seem that local demands have impinged upon the gx philosophy
>>>of minimal disruption. e.g. the bod IdP runs without normal users'
>>>knowledge and the SP should do the same. We, the gx project as a
>>>whole, could have caught this earlier if we'd known about it but we
>>>didn't so we couldn't. As the gx project is not about custom coding
>>>to local demands then I would say it's fair to ask Atif or someone
>>>Leeds can nominate to remove the implications of those local demands
>>>and bring bod in line with the minimal philosophy.
>>>
>>>This means providing a separate shibb route into bod. We've seen it
>>>before with webauth etc so it's possible and is arguably the way it
>>>should have been.
>>>
>>>As it stands, it's unacceptable to change the way an institution's
>>>users work just so that a feature of the vle can be tested. When
>>>opening your vle to shibbed users means inconveniencing your own
>>>users, then we have failed. It's bad practice and bad publicity that
>>>will only harm bod in the long run.
>>>
>>>The Guanxi and SOCKET projects enjoy a symbiotic relationship so
>>>let's not disturb that. Instead, let's find a way out of this that is
>>>benficial to all concerned. Whether that means subcontracting to
>>>someone who knows enough about bod to implement this is a matter for
>>>discussion.
>>>
>>>Indeed, we know of someone who is currently available and is fresh
>>>from testing bod and has some shibb knowledge to boot ;)
>>>
>>>Alistair
>>>
>>>
>>>On 5 Jul 2006, at 12:57, Colin Tatham wrote:
>>>
>>>
>>>
>>>>Sean Mehan wrote:
>>>>
>>>>
>>>>>well, what it does mean is that
>>>>>
>>>>>1) GX isn't done, still;
>>>>>2) 2.8 will ship with no SP support unless we delay the 2.8 release
>>>>>for an indeterminate amount of time.
>>>>
>>>>Are the problems with the SP that bad that we remove it for 2.8?
>>>>I think the main one is the fact that you can't use the same login
>>>>route for Shibb and normal Bod
>>>>auth (and the fact that sysadmin has to go via /opensite/). If it's
>>>>possible to release it with the
>>>>SP stuff turned off, it will work as normal, and if people want to
>>>>test the SP, they follow some
>>>>short instructions to enable it (and find out that they have to now
>>>>login via /opensite/ as sysadmin)?
>>>>
>>>>Colin
>>>>
>>>>
>>>>
>>>>
>>>>>If it is the case that we still haven't finished GX (with the SP in
>>>>>bod being a component of that), then, I suppose that we are  
>>>>>beholden
>>>>>to Leeds to find the time for
>>>>>their current project, which is still giving them money, in  
>>>>>order to
>>>>>complete a project for which they received all of their money some
>>>>>time ago.
>>>>>
>>>>>As for 2, all things being equal, its a ++2 from me to ship Bod 2.8
>>>>>with no SP support.
>>>>>
>>>>>s
>>>>>
>>>>>
>>>>>On 5 Jul 2006, at 12:13, Alistair Young wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>>>nae probs wee man!
>>>>>>
>>>>>>On 5 Jul 2006, at 12:16, Atif Suleman wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>>Thanks Alistair for the feedback:
>>>>>>>http://www.bodington.org/wiki/index.php?
>>>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>>>
>>>>>>>Any work on bodington-sp will have to wait until Socket  
>>>>>>>project is
>>>>>>>finished at the end of the month.
>>>>>>>
>>>>>>>Ta
>>>>>>>Atif.
>>>>>>>
>>>>>>>
>>>>>>>Sean Mehan wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>>On the SP side, Atif, can you fix the things Al has found there,
>>>>>>>>including the documentation? We really need the SP to work as a
>>>>>>>>final
>>>>>>>>output for GX.
>>>>>>>>
>>>>>>>>Thanks,
>>>>>>>>S
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>On 5 Jul 2006, at 10:38, Alistair Young wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>>I've updated the testing page:
>>>>>>>>>http://www.bodington.org/wiki/index.php?
>>>>>>>>>title=TestRel2.8#Shibboleth_Functionality
>>>>>>>>>
>>>>>>>>>Good work Atif on the sp module but bod itself just isn't ready
>>>>>>>>>to be
>>>>>>>>>an sp IMHO.
>>>>>>>>>
>>>>>>>>>Alistair
>>>>>>>>>
>>>>
>>>>-- 
>>>>____________________________________
>>>>Colin Tatham
>>>>VLE Team
>>>>Oxford University Computing Services
>>>>
>>>>http://www.oucs.ox.ac.uk/ltg/vle/
>>>>http://bodington.org
>>>>
>>>>Using Tomcat but need to do more? Need to support web services,
>>>>security?
>>>>Get stuff done quickly with pre-integrated technology to make your
>>>>job easier
>>>>Download IBM WebSphere Application Server v.1.0.1 based on Apache
>>>>Geronimo
>>>>http://sel.as-us.falkag.net/sel?
>>>>cmd=lnk&kid=120709&bid=263057&dat=121642
>>>>_______________________________________________
>>>>Bodington-developers mailing list
>>>>Bod...@li...
>>>>https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>>
>>>
>>>
>>>Using Tomcat but need to do more? Need to support web services,  
>>>security?
>>>Get stuff done quickly with pre-integrated technology to make your  
>>>job easier
>>>Download IBM WebSphere Application Server v.1.0.1 based on Apache  
>>>Geronimo
>>>http://sel.as-us.falkag.net/sel? 
>>>cmd=lnk&kid=120709&bid=263057&dat=121642
>>>_______________________________________________
>>>Bodington-developers mailing list
>>>Bod...@li...
>>>https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>>
>>>
>>
>>
>>-- 
>>____________________________________
>>Colin Tatham
>>VLE Team
>>Oxford University Computing Services
>>
>>http://www.oucs.ox.ac.uk/ltg/vle/
>>http://bodington.org
>>
>>Using Tomcat but need to do more? Need to support web services,  
>>security?
>>Get stuff done quickly with pre-integrated technology to make your  
>>job easier
>>Download IBM WebSphere Application Server v.1.0.1 based on Apache  
>>Geronimo
>>http://sel.as-us.falkag.net/sel? 
>>cmd=lnk&kid=120709&bid=263057&dat=121642
>>_______________________________________________
>>Bodington-developers mailing list
>>Bod...@li...
>>https://lists.sourceforge.net/lists/listinfo/bodington-developers
>>
> 
> 
> 
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
> 
> 


-- 
____________________________________
Colin Tatham
VLE Team
Oxford University Computing Services

http://www.oucs.ox.ac.uk/ltg/vle/
http://bodington.org

Re: [Bodington-developers] SP testing on wiki

[Atif S. <BM...@bm...>]

Alistair Young wrote:

>>why is it so much work to change that behaviour, so that normal users
>>login via /site/ and Shibb users via /xyz/?
>>    
>>
>spot on - that's the goal, shibb users go in via /xyz - I can't say  
>how much work that is but until it's there bod can't be advertised as  
>an sp. Taking over the /site for shibb users and shunting normal  
>users to /opensite is not going to go down well with the bod community.
>
>  
>
It can be done without much problem, all that is needed is the following 
in bodington web.xml:

<filter-mapping>
        <filter-name>Guanxi Resource Guard</filter-name>
         <url-pattern>/spsite/*</url-pattern>
</filter-mapping>

<servlet-mapping>
        <servlet-name>building</servlet-name>
        <url-pattern>/spsite/*</url-pattern>
</servlet-mapping>

The /xyz is /spsite/*

Normal users can go through /site/*

Ta
Atif.

Re: [Bodington-developers] SP testing on wiki

[Alistair Y. <ali...@sm...>]

Thanks Atif, much ado about nothing then ;)

I've updated http://www.bodington.org/wiki/index.php? 
title=TestRel2.8#Shibboleth_Functionality

any chance of documentation on the wiki (rhetorical question) and  
some logging? The documentation could be an example walkthrough of  
setting up the sp module for an IdP domain.

Alistair

On 5 Jul 2006, at 18:22, Atif Suleman wrote:

> Alistair Young wrote:
>
>>> why is it so much work to change that behaviour, so that normal  
>>> users
>>> login via /site/ and Shibb users via /xyz/?
>>>
>>>
>> spot on - that's the goal, shibb users go in via /xyz - I can't say
>> how much work that is but until it's there bod can't be advertised as
>> an sp. Taking over the /site for shibb users and shunting normal
>> users to /opensite is not going to go down well with the bod  
>> community.
>>
>>
>>
> It can be done without much problem, all that is needed is the  
> following
> in bodington web.xml:
>
> <filter-mapping>
>         <filter-name>Guanxi Resource Guard</filter-name>
>          <url-pattern>/spsite/*</url-pattern>
> </filter-mapping>
>
> <servlet-mapping>
>         <servlet-name>building</servlet-name>
>         <url-pattern>/spsite/*</url-pattern>
> </servlet-mapping>
>
> The /xyz is /spsite/*
>
> Normal users can go through /site/*
>
> Ta
> Atif.
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers

Re: [Bodington-developers] SP testing on wiki

[Sean M. <se...@sm...>]

yeah, the problem here is making it easy (or even achievable) to make  
something work correctly for a site without having to resort to hackery.

Alistair's recs were:

Provide a separate shibboleth route into Bodington so that the main / 
site can be left as is for local users. Recommend this be called / 
shibboleth
Document known behaviour such as shibbed sysadmin access.
Install a Guanxi SP Engine somewhere at a partner site to allow  
shibbed Bods to test their functionality without having to install an  
Engine. Perhaps consider this as the default distribution of  
Bodington shibboleth functionality. i.e. shipping Bod with the SP  
module and a Guanxi Guard but make a Guanxi Engine available on  
bodington.org or other domain for bods to use.
Documentation to be provided on how to use the SP module.


They seem perfectly reasonable to me for production release code.


s


On 6 Jul 2006, at 09:35, Alistair Young wrote:

> Thanks Atif, much ado about nothing then ;)
>
> I've updated http://www.bodington.org/wiki/index.php?
> title=TestRel2.8#Shibboleth_Functionality
>
> any chance of documentation on the wiki (rhetorical question) and
> some logging? The documentation could be an example walkthrough of
> setting up the sp module for an IdP domain.
>
> Alistair
>
> On 5 Jul 2006, at 18:22, Atif Suleman wrote:
>
>> Alistair Young wrote:
>>
>>>> why is it so much work to change that behaviour, so that normal
>>>> users
>>>> login via /site/ and Shibb users via /xyz/?
>>>>
>>>>
>>> spot on - that's the goal, shibb users go in via /xyz - I can't say
>>> how much work that is but until it's there bod can't be  
>>> advertised as
>>> an sp. Taking over the /site for shibb users and shunting normal
>>> users to /opensite is not going to go down well with the bod
>>> community.
>>>
>>>
>>>
>> It can be done without much problem, all that is needed is the
>> following
>> in bodington web.xml:
>>
>> <filter-mapping>
>>         <filter-name>Guanxi Resource Guard</filter-name>
>>          <url-pattern>/spsite/*</url-pattern>
>> </filter-mapping>
>>
>> <servlet-mapping>
>>         <servlet-name>building</servlet-name>
>>         <url-pattern>/spsite/*</url-pattern>
>> </servlet-mapping>
>>
>> The /xyz is /spsite/*
>>
>> Normal users can go through /site/*
>>
>> Ta
>> Atif.
>>
>> Using Tomcat but need to do more? Need to support web services,
>> security?
>> Get stuff done quickly with pre-integrated technology to make your
>> job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache
>> Geronimo
>> http://sel.as-us.falkag.net/sel?
>> cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Bodington-developers mailing list
>> Bod...@li...
>> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>
>
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Bodington-developers mailing list
> Bod...@li...
> https://lists.sourceforge.net/lists/listinfo/bodington-developers
>