Date

Attendees

Agenda

  • Signing Service

Discussion items

Time | Item | Notes
0 min | Update Elena

Elena sent this update:

As a report of my work, I have found two possible implementations of
the OpenSSL library for Cocoa and I'm trying to use either of them in the app
to solve the interoperability between the JWT library (that only supports
PEM format for keys) and the JWKS format that we use in the
metadata_statement. The management of libraries in iOS is a headache and
the libraries' documentation is scarce, so I'll count if I make progress.


45 min | Signing service
Alejandro sent Davide a skeleton for the signing service. Davide is working on it and it is more or less working. Someone is needed to test it.
Constantin, Hervé and Janne will test the signing service.
Davide will send Constantin, Hervé and Janne info about the signing service.
Davide shows the signing service skeleton. Davide just committed it to GitHub and will send the link around shortly.
Question from Davide: people will start on this and will have to create their own signing keys. Right now it is not very user-friendly. Should we add a page where people can create their own signing keys? Janne: there are very good existing online tools for creating JSON Web Keys, so we don't need to create one ourselves. Davide: good to link to those sites in our signing service.
Janne will paste some links to sites for creating JSON Web Keys in the signing service.
Functionalities of the signing service:
  • Check federation public key
  • Enrol a new entity into the federation
  • List enrolled entities
  • Add a superior
  • List superior entities
  • (API) get metadata statements
  • (parties) get issuer metadata statements
  • (parties) get issuer pub signing keys

Are we missing something? Davide goes through the multifederation flow to check this. Maybe we are missing the involvement of another federation as an entity, but that seems to be covered as well.

To test:

  • test hierarchical federations (enrollment in superior signing service)
  • generation of metadata statements for the federations below


Davide will set up three signing services with a small hierarchy.

Davide will do some tests with Python etc.

Henri will test the Shibboleth OP.

Deadline: In two weeks (next week is a bit hectic)

15 min | Use cases and pilot

Davide, Maarten and Juha talked about use cases and pilots and concluded that these activities should be merged.

Once the signing service is in place, along with some OPs and RPs that can play with it, this should be enough to start with the pilot.

Davide: what we need: federation model → involvement in the federation. Metadata statement lifetime and validity information are also needed. Proposals on federation models for the participants in the pilots are needed, targeted on the pilot and on the federation aspect.


Davide will send around some more info about the pilot; next Friday we will discuss this. In the meantime, we should work on it and add to the info what the options are in the pilot.

Jule and Juha will start building on the pilot and use cases information.