Newsletter - 201008 - August 2010

JASIG NEWSLETTER - AUGUST 2010

================================================================

JASIG FALL UNCONFERENCE

- Registration is Open for the Jasig Fall Unconference!
- Portlet Development Training following the Jasig 2010 Unconference

JASIG PROJECTS

Central Authentication Service (CAS)
- Multi-Factor Authentication Design
- phpCAS Client 1.1.2 Release
uPortal
- uPortal Documentation Progress
- Customize Portal Gallery
- uPortal and Grouper
Bedework
- Bedework-ing: Jasig Unconference
- Bedework-ing: Girasole Consulting
- Bedework-ing: Recent Bedework deployments
- Bedework-ing: 2-3-98 Conference
- Bedework-ing: Jasig Vimeo Videos
- Bedework-ing: Calendaring Industry News
- Bedework-ing: none of the above

AROUND JASIG

- Jasig to Host New Open Source Community of Practice

UPCOMING COMMUNITY EVENTS

- 2010 EDUCAUSE Annual Conference - Anaheim, California (October 12-15, 2010)
- Fall 2010 Internet2 Member Meeting - Atlanta, Georgia (November 1-4, 2010)
- Kuali Days 2010 - San Diego, California (November 8-10, 2010)
================================================================

JASIG FALL UNCONFERENCE

Registration is Open for the Jasig Fall Unconference!
WHY ATTEND THE JASIG UNCONFERENCE?
An unconference is an event featuring spontaneously planned activities based on the interests and needs of the participants.
Attend this year's Unconference if you would like to:
* Meet with experts, newbies, and everyone in-between from a variety of open source communities
* Pursue a topic that's important to you and your institution
* Collaborate and compare best practices with your peers
* Get up to speed on uPortal, CAS, Bedework, IdM Topics, Portlets, OpenRegistry, HelpDesk, and other applications
* Bring home solutions that you can use
* Get help with your own code
* Work on integration projects
* Help improve our user manuals
* Record a demo of your work in our "Screencast Factory"
* Spend time in informal discussion about the subjects that are of most interest to you
* Decide for yourself what you'd like to gain from the event!
The costs are low.  The learning opportunities are incomparable!
REGISTER NOW:
- Registration fee for the October 2010 Jasig Unconference: $225/Members, $275/Non-Members
- Nightly rate at Harrah's Hotel: $88.99
- Two-and-a-half days talking, learning, teaching, planning, designing, coding, and hanging out with your peers: Priceless!
DATES:
October 18-20, Unconference sessions
October 20-21, Developer/Implementer meetings
PLACE:
University of St. Francis
500 Wilcox St., Joliet, IL 60435
REGISTRATION SITE: [https://www.concentra-cms.com/register/start.action?confId=46]
MAIN UNCONFERENCE SITE: [http://bit.ly/jasigunconf2010]
ACCOMMODATIONS:
Harrah's Joliet
151 N. Joliet Street, Joliet, IL
Reservation Line: 800-Harrahs (1-800-427-7247)
Hotel Direct #: (815) 740-7800
Room rate: $88.99 plus tax per room. Includes breakfast voucher for breakfast in the Union Station Buffet.
Rooms must be booked by 10/3/2010 to get the guaranteed rate.
Reference group code "S1017JC" to get the special Jasig rate.
I CAN'T STOP MYSELF! WHAT SHOULD I DO NEXT?
If you're planning to join us, please do the following:
1. Visit and Add your Name on the Unconference Planning Site on the Jasig wiki. This is a great place to indicate your interests---what you'd like to discuss, learn, share or teach.
Wiki participants page: [https://wiki.jasig.org/display/JCON/Fall+2010+Unconference+Participants]
2. Register for the Unconference right here: [https://www.concentra-cms.com/register/start.action?confId=46]
3. Reserve a room at the Harrah's Joliet Hotel.
* Register by October 3rd, by calling the Harrah's reservation line at 800-Harrahs (1-800-427-7247).
* Reference group code "S1017JC" to get the Jasig rate of $88.99/night. Be sure to tell them you are staying at the Harrah's Joliet hotel.
* More info on the hotel can be found here:  Fall 2010 Unconference Hotel Information - [https://wiki.jasig.org/x/oYPEAQ]
4. Make travel arrangements.
Tips are available here: Fall 2010 Unconference Travel Information - [https://wiki.jasig.org/x/O4DNAQ]
See you at the Jasig Unconference,
The Fall 2010 Unconference Organizers
================================================================
Portlet Development Training following the Jasig 2010 Unconference
Unicon is pleased to offer a portlet development training class coinciding with the Jasig Unconference. This training class educates about the functionality and capabilities of Java portlets and how to develop them. The timing and location of this class gives conference attendees an opportunity to leverage their Jasig Unconference travel expenses.
When: Wednesday, October 20 - Friday, October 22, 2010
Where: University of St. Francis, Joliet, IL
Explore the functionality and capabilities of portlets.
The Portlet Development Training course serves as an introduction and guide to developing standards-compliant portlets. With this training course you will receive hands-on experience ranging from the building and deployment of portlets to techniques for organizing code in a clean, architecturally-sound way. 
Join Andrew Wills, Software Architect at Unicon, as he guides you through this exclusive Portlet Development Training course. This training will transform your ability to successfully develop portlets.
Topics for this training course include:
* Portlet Specification Overview
* Apache Pluto Overview
* Portlet API
* Obtaining 3rd-party Portlets
* Portlet Installation
* Development Environment
* Use of Eclipse IDE
* Hello World Portlet
* Advanced Portlet Applications
* Portlet Security
* Debugging Portlets
* uPortal Roadmap
To learn more about Unicon's Portlet Development Training, click here: http://www.unicon.net/training/uportal/development
Act Fast!
Seating is limited, so register today. 
Signing up is easy -- Just click the register link below.  Cost for this training course is $1,495.
Registration Link at: http://www.unicon.net/node/1411
================================================================
JASIG PROJECTS
Central Authentication Service (CAS)
Multi-Factor Authentication Design
As many of you know, we've been conducting calls on adding multi-factor authentication support to CAS.  We're looking to now expand the collaboration to the mailing list.  So this will be a first in a series of threads about multi-factor authentication.
One of the items we're working on is how to represent the failure to satisfy the MFA requirements to the user.
We currently send back the following information when there is a failure to obtain a ticket: https://source.jasig.org/cas3/trunk/cas-server-api/src/main/java/org/jasig/cas/server/login/ServiceAccessResponse.java
(via extension: https://source.jasig.org/cas3/trunk/cas-server-api/src/main/java/org/jasig/cas/server/login/LoginResponse.java)
Essentially it's all of the authentication reasons a request might fail.  There are some exceptions for when sessions are invalid, or a ticket can't be created (i.e. the protocol isn't recognized).
We now need to represent MFA failures.  There appear to be a few options:
* Throw an exception (but then what would the payload of this exception be?)
* Return the name of the policy that failed to be satisfied (and delegate the request for additional information to the policy?)
* Return what needs to be done to satisfy the policy (this could mean the list of credentials that could satisfy the requirement)
One concern is that policies could get too complicated to represent well via this return method.  Though for complex policies, this would just move the complexity to the policy interface.
Anyone have any other ideas on ways to represent this information? Anyone done something similar?
We're trying to get these APIs stable for 3.5 even if complete MFA support isn't in 3.5 (we're looking to do this since 3.5 is already introducing major API changes).  The alternative is to design the APIs organically (i.e. we know how to deal with multiple credentials and we know how to deal with it and we have support so implement that now and just change the other APIs later).  The alternative may be okay because while it's a major API most people will use our presentation logic that calls it as well as our default implementation.
Cheers,
Scott
Scott Battaglia
Chair, Jasig Central Authentication Service Steering Committee
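The third option in the message above (return what is needed to satisfy the policy), sketched as an added Java example that is not CAS code and not part of the original post. Every type, method and policy name in it is hypothetical, and the sample policy is constructed; the unmet policy's name travels with the credential sets that would complete it, so policy complexity stays behind one interface.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import java.util.TreeSet;

// Added illustration only: none of these types exist in CAS; every name is hypothetical.
public class MfaFailureDemo {

    /** Result of one policy check: satisfied, or the credential sets still missing. */
    static final class PolicyResult {
        final String policyName;
        final boolean satisfied;
        /** Each inner set is one alternative that would complete the policy on its own. */
        final List<Set<String>> missingAlternatives;

        PolicyResult(String policyName, boolean satisfied, List<Set<String>> missing) {
            this.policyName = policyName;
            this.satisfied = satisfied;
            this.missingAlternatives = Collections.unmodifiableList(missing);
        }
    }

    /** However complex a policy is, callers only ever see a PolicyResult. */
    interface AuthenticationPolicy {
        PolicyResult evaluate(Set<String> presentedCredentialTypes);
    }

    /** Satisfied when every credential type of at least one acceptable set was presented. */
    static final class AnyCompleteSetPolicy implements AuthenticationPolicy {
        private final String name;
        private final List<Set<String>> acceptableSets;

        AnyCompleteSetPolicy(String name, List<Set<String>> acceptableSets) {
            // Fail closed: an empty policy or an empty alternative would pass any request.
            if (acceptableSets.isEmpty()) {
                throw new IllegalArgumentException("policy needs at least one acceptable set");
            }
            for (Set<String> required : acceptableSets) {
                if (required.isEmpty()) {
                    throw new IllegalArgumentException("an acceptable set must not be empty");
                }
            }
            this.name = name;
            this.acceptableSets = acceptableSets;
        }

        @Override
        public PolicyResult evaluate(Set<String> presented) {
            List<Set<String>> missing = new ArrayList<Set<String>>();
            for (Set<String> required : acceptableSets) {
                Set<String> stillNeeded = new TreeSet<String>(required);
                stillNeeded.removeAll(presented);
                if (stillNeeded.isEmpty()) {
                    return new PolicyResult(name, true, new ArrayList<Set<String>>());
                }
                missing.add(stillNeeded);
            }
            return new PolicyResult(name, false, missing);
        }
    }

    /** Returned in place of a ticket: lists every unmet policy instead of throwing. */
    static List<PolicyResult> unmetPolicies(Set<String> presented,
                                            List<AuthenticationPolicy> policies) {
        List<PolicyResult> unmet = new ArrayList<PolicyResult>();
        for (AuthenticationPolicy policy : policies) {
            PolicyResult result = policy.evaluate(presented);
            if (!result.satisfied) {
                unmet.add(result);
            }
        }
        return unmet;
    }

    static Set<String> types(String... names) {
        return new TreeSet<String>(Arrays.asList(names));
    }

    public static void main(String[] args) {
        // Constructed sample policy: password AND (one-time code OR client certificate).
        List<Set<String>> alternatives = new ArrayList<Set<String>>();
        alternatives.add(types("password", "otp"));
        alternatives.add(types("password", "x509"));
        List<AuthenticationPolicy> policies = new ArrayList<AuthenticationPolicy>();
        policies.add(new AnyCompleteSetPolicy("password-plus-second-factor", alternatives));

        // The user has only presented a password so far.
        for (PolicyResult r : unmetPolicies(types("password"), policies)) {
            System.out.println("Policy not satisfied: " + r.policyName);
            System.out.println("Present one of: " + r.missingAlternatives);
        }
        // With both factors nothing is unmet, so a ticket could be issued.
        System.out.println("Unmet after OTP: "
                + unmetPolicies(types("password", "otp"), policies).size());
    }
}
```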
================================================================
phpCAS Client 1.1.2 Release
We are pleased to announce the new 1.1.2 release for phpCAS. This release contains 2 security fixes. One of them is a serious issue. All older versions should be upgraded.
The release is fully compatible with all versions since 1.0.
The changes are:
Security Fixes
* Fix a session hijacking hole CVE-2010-2795 [PHPCAS-61]
* Callback url in proxy mode should be urlencoded, possible XSS CVE-2010-2796 [PHPCAS-67]
Bug Fixes
* Fix warnings for SAML responses without attributes [PHPCAS-59]
* Fix duplicate SAML debug output [PHPCAS-64]
* Providing a new ST/PT/SA during an authenticated session will be ignored and a warning will be issued to the debug log. [PHPCAS-61]
* Fix 2 undefined variable notices in serviceWeb() [PHPCAS-68]
* Prevent domxml-php4-to-php5 from being included twice [PHPCAS-48]
Improvement
* Debug log now contains phpCAS version information [PHPCAS-62]
The release is available here: http://downloads.jasig.org/cas-clients/php/1.1.2/
phpCAS needs your support. Right now there is only one active developer and a few people that help out from time to time. Any help programming, testing and documenting would be appreciated.
Thanks to Matthew Brooks and Cary Kim who have already started helping.
================================================================
uPortal
uPortal Documentation Progress
This time of year has always been a bit chaotic due to the start of the fall semester for many of us. But, despite the challenge, we have been solidifying the first half of the documentation of the uPortal 3.2 manual and we are continuing with organizing and creating new content for the next section of the manual: Configuring uPortal. Most of the content that is relevant to the latest release has been transferred over from the previous manuals and reorganization of existing content is being done to make the document as clear as possible.
The participation from the community has been wonderful! I have received feedback and content each week as the call for documentation emails have been sent out on a consistent basis. Thank you to those of you who have participated in the documentation efforts. I think it's really starting to reflect in the content. For those of you who don't know what to contribute, I have included some ideas below that are equally as important and anything you have to offer really does help.
Some ways you can assist with the documentation may include:
* Ideas for topics to include in the documentation
* Screen shots. Sometimes it's better explained with an image than with words.
* Proofreading documentation for grammatical mistakes or misspellings
* If you are in the process of installing/configuring uPortal and you experience areas of the documentation that need attention please don't be shy, let us know and we'll try to make it better.
* Links to some great references on topics.
* Attending the Unconference in October and participating in the Documentation efforts by assisting with writing, editing, or offering further ideas on how to make the manual successful.
If you ever have any questions or concerns about the Documentation, please contact me at mccordl@southwestern.edu
Thanks,
Laura McCord
Southwestern University
uPortal Documentation Coordinator
================================================================
Customize Portal Gallery
Good news!
On behalf of BYU, Unicon is designing and implementing a new interface to customizing the portal: content, layout, and skins. The new interface is being called the gallery. The proposed design is a huge improvement to the user experience. You can check out the design here: https://wiki.jasig.org/display/UPC/Customize+Portal+Gallery
This work will be done in trunk for the next major release.
All feedback is welcome.
Gary Thompson
User Experience Leader
Unicon | www.unicon.net
================================================================
uPortal and Grouper
"uPortal is continuing to pursue integration with Grouper, an open-source enterprise group management toolkit from Internet2.  Over the past month, Unicon's Cooperative Support team has integrated code donated by the University of Chicago, and an initial group store implementation is now available in the uPortal trunk.  
A roadmap of next steps may be found at https://spaces.internet2.edu/display/GrouperWG/Grouper+uPortal+integration.  
Many thanks to Chris Hyzer from the Grouper team for all his assistance."
================================================================
Bedework
Bedework-ing: Jasig Unconference
As announced previously, registration is now open for the Jasig Unconference, to be held the week of October 18th. This will be the first Unconference where Bedework is a Jasig sponsored project.
In last month’s newsletter IU suggested some Bedework topics. Make this your Unconference by attending and participating in the Bedework discussions.
Those of you who are now deploying Bedework, those who have recently deployed Bedework, or those of you considering a Bedework deployment may find the Unconference a great venue to jumpstart your Bedework projects, and to become better acquainted, and involved with, the Bedework Community.
We look forward to meeting fellow Bedework-ers at the Unconference.
Bedework-ing: Girasole Consulting
Girasole Consulting is now a Jasig Affiliate (see http://www.jasig.org/jasig-membership-affiliates), providing Bedework consulting services. Barry Leibson, the principal at Girasole, is a Bedework contributor.
Bedework-ing: Recent Bedework deployments
We welcome the following institutions to the Bedework family:
San Diego State University (“Events at State”, http://events.sdsu.edu/), 
The University at Albany (http://events.albany.edu), 
Colgate University (http://calendar.colgate.edu), and 
Northern Arizona University (http://events.nau.edu/) 
Bedework-ing: 2-3-98 Conference
Jonathan Markow and I attended the third annual “2-3-98” conference at SUNY Delhi.
(https://confluence.delhi.edu/display/CIS/2-3-98+Conference,+2010)
In previous years, we have presented on Bedework, but this year, Jasig was a co-sponsor of the event. We were joined by my RPI colleague Mark Miller to talk about our deployment of Jasig’s HelpDesk project, now in incubation. Nonetheless, we had many opportunities to talk with attendees about Bedework, and we anticipate some follow-up activities and conversations will take place. We would like to thank the folks at SUNY Delhi for their very gracious hospitality. See https://my.dimdim.com/view/all/2-3-98/default/c1e2d0a6-bdb8-4864-a36c-f3c6127f7660
and https://confluence.delhi.edu/display/CIS/2-3-98+Conference,+2010.
Bedework-ing: Jasig Vimeo Videos
The videos alluded to in the June Jasig Newsletter
(http://www.jasig.org/jasig-newsletters/june-2010) are now available,
in Spanish only, on the Jasig Vimeo site at http://www.vimeo.com/jasig/videos. Juan Cruz Ruiz de Gauna leads a
screen cast of the Universidad Pública de Navarra’s Bedework
implementation, and there are interviews with our UPNA Bedework-ers
Juan Cruz, Carlos Alonso, and Ana Rodríguez Mazquiarán.
Bedework-ing: Calendaring Industry News
CalConnect’s TIMEZONE Technical Committee, chaired by Mike Douglass, has published Timezone Service Protocol and Timezone XML Specification, and the proposals have been submitted to the IETF as Internet Drafts. 
The Timezone Service Protocol defines a timezone service protocol that allows reliable, secure and fast delivery of timezone information to client systems such as calendaring and scheduling applications or operating systems. The Timezone XML Specification describes a format for describing timezone information for software and services. 
See: http://www.calconnect.org/CD1007%20Timezone%20Service.shtml and http://ietfreport.isoc.org/idref/draft-douglass-timezone-xml/
Mike is also co-editor of a web services API implementation for Calendaring and Scheduling in response to the NIST Smart Grid Standards Roadmap. This proposal is based on the xCal and is being done in conjunction with the OASIS WS-CALENDAR Technical Committee. It is intended to form the basis of the web services content for WS-CALENDAR.
Bedework-ing: none of the above
We have been speaking with a couple of commercial calendaring client vendors about closer development collaboration. Hopefully we will have a more substantive report in next month’s newsletter.
We paid a visit to Brown University, a Bedework site. We spoke with Steve Carmody, a member of the Bedework Steering Committee and leader of Internet2’s Shibboleth project.  We discussed calendaring use cases around VO’s (virtual organizations), and exploiting calendaring and mobile devices to facilitate university activities associated with commencement, conferences, etc.  We agreed to a pilot project to explore these areas more fully.
Gary Schwartz
================================================================
AROUND JASIG
Jasig to Host New Open Source Community of Practice
“The 2-3-98 Project” to Provide a Forum for Higher Education Managers, Administrators
Delhi, NY--August 12, 2010-- Jasig, the non-profit consortium sponsoring open source, higher education technology projects, today announced the launch of a new community of practice, “The 2-3-98 Project”.
The 2-3-98 Project will provide self-support for college and university administrators, managers, and practitioners wishing to take best advantage of open initiatives, in order to reduce  costs and increase choice.  The project will deploy mailing lists, wiki, white papers, and events to define, assess, and articulate practices promoting success for higher education adopters. 
Jasig announced the new project at SUNY Delhi’s third annual 2-3-98 Conference, an event promoting open source in higher education.  Patrick Masson, Chief Technology Officer at UMassOnline, and former Chief Information Officer at SUNY Delhi, and Ken Udas, UMassOnline CEO, are organizers of the new Jasig project.
“The 2-3-98 Project reflects a growing recognition that openness is becoming part of a broader dialogue within many organizations,” said Udas.  “I believe that Jasig is doing something quite unique and valuable by providing a venue to help explore the relationships between OSS and the organization. It is my feeling that the exploration will lead well beyond the formal information and technology functions and extend beyond software to OER, open access research, and to open governance.”
“Considering that the value of open source software, and even the ideas around openness, remain the subject of much debate, I would hope that the 2-3-98 Project can foster discussion, contribute understanding, and advance technology development and adoption throughout higher education,” said Masson.  “I am very excited to be working with Jasig.  Jasig's years of experience supporting open source projects and the communities that contribute to their development, as well as their focus on higher education, will provide tremendous resources for 2-3-98 and advance an honest dialogue around open initiatives.  Considering the success of Jasig's other projects, I know we have a lot of hard, and fun, work ahead.” 
“By looking together at the risks, rewards, challenges, and methods of implementing open source applications, we hope to create a dialog that will provide insights and practice guidelines to help campuses be successful,” said Jonathan Markow, Jasig Executive Director.  “The 2-3-98 Project is a great fit with Jasig’s values of peer support and collaboration.  We believe that providing a forum and resources for this initiative fills an important, unmet need in the higher education community.”
Jasig has created a mailing list for The 2-3-98 Project.  Visit the Jasig wiki at https://wiki.jasig.org/display/JSG/2-3-98 to subscribe.
================================================================
UPCOMING COMMUNITY EVENTS
2010 EDUCAUSE Annual Conference - Anaheim, California (October 12-15, 2010)
"In the realm of higher education information technology, no other event brings together more powerful, creative minds in the field than the EDUCAUSE Annual Conference…
CONNECT with colleagues and explore solutions to today’s common higher ed IT challenges.
EMPOWER action by uncovering new ways to enhance your campus’s resources and policies.
REVITALIZE and ignite ideas that help you navigate and shape our ever-changing future.
The EDUCAUSE Annual Conference unites the best thinking in higher education IT by bringing together insightful people, innovative research, supportive companies, and useful resources...providing you opportunities to:
* Network with peers who share similar interests and concerns
* Explore 7 tracks, more than 250 sessions, and over 200 exhibitors
* Discover Point/Counterpoint, Lightning Round, In the Hot Seat, and Discussion Sessions
* Refresh & Renew by learning from nearly 500 forward-thinking, inspirational speakers
Whether your focus is on administration, teaching and learning, information technology infrastructure, information systems, cybersecurity, policy, library systems or information technology leadership, there's something at the annual conference for you."
Source: http://www.educause.edu/E2010
================================================================
Fall 2010 Internet2 Member Meeting - Atlanta, Georgia (November 1-4, 2010)
"The Internet2 community will come together from November 1--4, 2010 in Atlanta, Georgia for its annual Fall Member Meeting."
"Internet2 Member Meetings bring the member community together for interactive discussions about new and ongoing work and provide a venue for members to make connections and form new collaborations. Additionally, the side meetings held in conjunction with the Member Meeting provide forums for Working Groups, SIGs and BoFs to meet face-to-face." http://events.internet2.edu/2010/fall-mm/
Follow us on Twitter: #I2FMM10
================================================================
Kuali Days 2010 - San Diego, California (November 8-10, 2010)
With Kuali projects moving from theory to practice and more institutions adopting Kuali applications, Kuali Days is changing from an internal community event focused on teams of subject matter experts to an event that will engage a wider audience that includes adopters, potential adopters, and end-users. We encourage the Kuali community to join us for the next generation of Kuali Days.
Conference attendees include a variety of people from current and potential member institutions, adopters, and commercial businesses including executive leaders, users, implementation staff and developers from Kuali applications. The tracks featured this year will follow the conference theme of From Theory to Practice.
* Kuali Financial Systems (KFS)
* Kuali Coeus (KC)
* Kuali Student (KS)
* Kuali Rice (Rice)
* Kuali Implementers
* Other Topics
Source: http://kuali.org/kd
Registration: https://www.concentra-cms.com/register/start.action?confId=47
================================================================
================================================================
Jasig Newsletter - August 2010
Editor: Mark Rogers (University of Manitoba)
Online edition at: http://www.jasig.org/jasig-newsletters/august-2010
Past editions of the Jasig Newsletter can also be found in the Jasig wiki at: https://wiki.jasig.org/display/JSG/Newsletter
================================================================
================================================================
JASIG FALL UNCONFERENCE

Registration is Open for the Jasig Fall Unconference!

WHY ATTEND THE JASIG UNCONFERENCE?

An unconference is an event featuring spontaneously planned activities based on the interests and needs of the participants.

Attend this year's Unconference if you would like to:

* Meet with experts, newbies, and everyone in-between from a variety of open source communities

* Pursue a topic that's important to you and your institution

* Collaborate and compare best practices with your peers

* Get up to speed on uPortal, CAS, Bedework, IdM Topics, Portlets, OpenRegistry, HelpDesk, and other applications

* Bring home solutions that you can use

* Get help with your own code

* Work on integration projects

* Help improve our user manuals

* Record a demo of your work in our "Screencast Factory"

* Spend time in informal discussion about the subjects that are of most interest to you

* Decide for yourself what you'd like to gain from the event!

The costs are low.  The learning opportunities are incomparable!

REGISTER NOW:

- Registration fee for the October 2010 Jasig Unconference: $225/Members, $275/Non-Members

- Nightly rate at Harrah's Hotel: $88.99

- Two-and-a-half days talking, learning, teaching, planning, designing, coding, and hanging out with your peers: Priceless!

DATES:

October 18-20, Unconference sessions

October 20-21, Developer/Implementer meetings

PLACE:

University of St. Francis

500 Wilcox St., Joliet, IL 60435

REGISTRATION SITE: [https://www.concentra-cms.com/register/start.action?confId=46]

MAIN UNCONFERENCE SITE: [http://bit.ly/jasigunconf2010]

ACCOMMODATIONS:

Harrah's Joliet

151 N. Joliet Street, Joliet, IL

Reservation Line: 800-Harrahs (1-800-427-7247)

Hotel Direct #: (815) 740-7800

Room rate: $88.99 plus tax per room. Includes breakfast voucher for breakfast in the Union Station Buffet.

Rooms must be booked by 10/3/2010 to get the guaranteed rate.

Reference group code "S1017JC" to get the special Jasig rate.

I CAN'T STOP MYSELF! WHAT SHOULD I DO NEXT?

If you're planning to join us, please do the following:

1. Visit and Add your Name on the Unconference Planning Site on the Jasig wiki. This is a great place to indicate your interests---what you'd like to discuss, learn, share or teach.

Wiki participants page: [https://wiki.jasig.org/display/JCON/Fall+2010+Unconference+Participants]

2. Register for the Unconference right here: [https://www.concentra-cms.com/register/start.action?confId=46]

3. Reserve a room at the Harrah's Joliet Hotel.

* Register by October 3rd, by calling the Harrah's reservation line at 800-Harrahs (1-800-427-7247).

* Reference group code "S1017JC" to get the Jasig rate of $88.99/night. Be sure to tell them you are staying at the Harrah's Joliet hotel.

* More info on the hotel can be found here:  Fall 2010 Unconference Hotel Information - [https://wiki.jasig.org/x/oYPEAQ]

4. Make travel arrangements.

Tips are available here: Fall 2010 Unconference Travel Information - [https://wiki.jasig.org/x/O4DNAQ]

See you at the Jasig Unconference,

The Fall 2010 Unconference Organizers

================================================================

Portlet Development Training following the Jasig 2010 Unconference

Unicon is pleased to offer a portlet development training class coinciding with the Jasig Unconference. This training class educates about the functionality and capabilities of Java portlets and how to develop them. The timing and location of this class gives conference attendees an opportunity to leverage their Jasig Unconference travel expenses.

When: Wednesday, October 20 - Friday, October 22, 2010

Where: University of St. Francis, Joliet, IL

Explore the functionality and capabilities of portlets.

The Portlet Development Training course serves as an introduction and guide to developing standards-compliant portlets. With this training course you will receive hands-on experience ranging from the building and deployment of portlets to techniques for organizing code in a clean, architecturally-sound way. 

Join Andrew Wills, Software Architect at Unicon, as he guides you through this exclusive Portlet Development Training course. This training will transform your ability to successfully develop portlets.

Topics for this training course include:

* Portlet Specification Overview

* Apache Pluto Overview

* Portlet API

* Obtaining 3rd-party Portlets

* Portlet Installation

* Development Environment

* Use of Eclipse IDE

* Hello World Portlet

* Advanced Portlet Applications

* Portlet Security

* Debugging Portlets

* uPortal Roadmap

To learn more about Unicon's Portlet Development Training, click here: 

http://www.unicon.net/training/uportal/development

Act Fast!

Seating is limited, so register today. 

Signing up is easy -- Just click the register link below.  Cost for this training course is $1,495.

Registration Link at: http://www.unicon.net/node/1411

================================================================

JASIG PROJECTS

Central Authentication Service (CAS)

Multi-Factor Authentication Design

As many of you know, we've been conducting calls on adding multi-factor authentication support to CAS.  We're looking to now expand the collaboration to the mailing list.  So this will be a first in a series of threads about multi-factor authentication.

One of the items were working on how is how to represent to the failure to satisfy the MFA requirements to the user.

We currently send back the following information when there is a failure to obtain a ticket:

https://source.jasig.org/cas3/trunk/cas-server-api/src/main/java/org/jasig/cas/server/login/ServiceAccessResponse.java

(via extension: https://source.jasig.org/cas3/trunk/cas-server-api/src/main/java/org/jasig/cas/server/login/LoginResponse.java)

Essentially its all of the authentication reasons a request might fail.  There are some exceptions for when sessions are invalid, or a ticket can't be created (i.e. the protocol isn't recognized).

We now need to represent MFA failures.  There appear to be a few options:

* Throw an exception (but then what would the payload of this exception be?)

* Return the name of the policy that failed to be satisfied (and delegate the request for additional information to the policy?)

* Return what needs to be done to satisfy the policy (this could mean the list of credentials that could satisfy the requirement)

One concern is that policies could get too complicated to represent well via this return method.  Though for complex polices, this would just move the complexity to the policy interface.

Anyone have any other ideas on ways to represent this information? Anyone done something similar?

We're trying to get these APIs stable for 3.5 even if complete MFA support isn't in 3.5 (we're looking to do this since 3.5 is already introducing major API changes).  The alternative is to design the APIs organically (i.e. we know how to deal with multiple credentials and we know how to deal with it and we have support so implement that now and just change the other APIs later).  The alternative may be okay because while its a major API most people will use our presentation logic that calls it as well as our default implementation.

Cheers,

Scott

Scott Battaglia

Chair, Jasig Central Authentication Service Steering Committee

================================================================

phpCAS Client 1.1.2 Release

We are pleased to announce the new 1.1.2 release for phpCAS. This release contains 2 security fixes. One of them is a serious issue. All older versions should be upgraded.

The release is fully compatible with all versions since 1.0.

The changes are:

Security Fixes

* Fix a session hijacking hole CVE-2010-2795 [PHPCAS-61]

* Callback url in proxy mode should be urlencoded, possible XSS CVE-2010-2796 [PHPCAS-67]

Bug Fixes

* Fix warnings for SAML responses without attributes [PHPCAS-59]

* Fix duplicate SAML debug output [PHPCAS-64]

* Providing a new ST/PT/SA during an authenticated session will be ignored and a warning will be issued to the debug log. [PHPCAS-61]

* Fix 2 undefined variable notices in serviceWeb() [PHPCAS-68]

* Prevent domxml-php4-to-php5 from being included twice [PHPCAS-48]

Improvement

* Debug log now contains phpCAS version information [PHPCAS-62]

The release is available here:

http://downloads.jasig.org/cas-clients/php/1.1.2/

phpCAS needs your support. Right now there is only one active developer and a few people that help out from time to time. Any help programming, testing and documenting would be appreciated.

Thanks to Matthew Brooks and Cary Kim who have already started helping.

================================================================

uPortal

uPortal Documentation Progress

This time of year has always been a bit chaotic due to the start of the fall semester for many of us. But, despite the challenge, we have been solidifying the first half of the documentation of the uPortal 3.2 manual and we are continuing with organizing and creating new content for the next section of the manual: Configuring uPortal. Most of the content that is relevant to the latest release has been transferred over from the previous manuals and reorganization of existing content is being done to make the document as clear as possible.

The participation from the community has been wonderful! I have received feedback and content each week as the call for documentation emails have been sent out on a consistent basis. Thank you to those of you who have participated in the documentation efforts; I think it's really starting to reflect in the content. For those of you who don't know what to contribute, I have included some ideas below that are equally important, and anything you have to offer really does help.

Some ways you can assist with the documentation may include:

* Ideas for topics to include in the documentation

* Screen shots. Sometimes it's better explained with an image than with words.

* Proofreading documentation for grammatical mistakes or misspellings

* If you are in the process of installing/configuring uPortal and you experience areas of the documentation that need attention, please don't be shy; let us know and we'll try to make it better.

* Links to some great references on topics.

* Attending the Unconference in October and participating in the Documentation efforts by assisting with writing, editing, or offering further ideas on how to make the manual successful.

If you ever have any questions or concerns about the Documentation, please contact me at mccordl@southwestern.edu

Thanks,

Laura McCord

Southwestern University

uPortal Documentation Coordinator

================================================================

Customize Portal Gallery

Good news!

On behalf of BYU, Unicon is designing and implementing a new interface for customizing the portal: content, layout, and skins. The new interface is being called the gallery. The proposed design is a huge improvement to the user experience. You can check out the design here:

https://wiki.jasig.org/display/UPC/Customize+Portal+Gallery

This work will be done in trunk for the next major release.

All feedback is welcome.

Gary Thompson

User Experience Leader

Unicon | www.unicon.net

================================================================

uPortal and Grouper

"uPortal is continuing to pursue integration with Grouper, an open-source enterprise group management toolkit from Internet2.  Over the past month, Unicon's Cooperative Support team has integrated code donated by the University of Chicago, and an initial group store implementation is now available in the uPortal trunk.  

A roadmap of next steps may be found at 

https://spaces.internet2.edu/display/GrouperWG/Grouper+uPortal+integration.  

Many thanks to Chris Hyzer from the Grouper team for all his assistance."

================================================================

Bedework

Bedework-ing: Jasig Unconference

As announced previously, registration is now open for the Jasig Unconference, to be held the week of October 18th. This will be the first Unconference where Bedework is a Jasig sponsored project.

In last month’s newsletter IU suggested some Bedework topics. Make this your Unconference by attending and participating in the Bedework discussions.

Those of you who are now deploying Bedework, those who have recently deployed Bedework, or those of you considering a Bedework deployment may find the Unconference a great venue to jumpstart your Bedework projects, and to become better acquainted, and involved with, the Bedework Community.

We look forward to meeting fellow Bedework-ers at the Unconference.

Bedework-ing: Girasole Consulting

Girasole Consulting is now a Jasig Affiliate (see http://www.jasig.org/jasig-membership-affiliates), providing Bedework consulting services. Barry Leibson, the principal at Girasole, is a Bedework contributor.

Bedework-ing: Recent Bedework deployments

We welcome the following institutions to the Bedework family:

San Diego State University (“Events at State”, http://events.sdsu.edu/), 

The University at Albany (http://events.albany.edu), 

Colgate University (http://calendar.colgate.edu), and 

Northern Arizona University (http://events.nau.edu/) 

Bedework-ing: 2-3-98 Conference

Jonathan Markow and I attended the third annual “2-3-98” conference at SUNY Delhi.

(https://confluence.delhi.edu/display/CIS/2-3-98+Conference,+2010)

In previous years, we have presented on Bedework, but this year, Jasig was a co-sponsor of the event. We were joined by my RPI colleague Mark Miller to talk about our deployment of Jasig’s HelpDesk project, now in incubation. Nonetheless, we had many opportunities to talk with attendees about Bedework, and we anticipate some follow-up activities and conversations will take place. We would like to thank the folks at SUNY Delhi for their very gracious hospitality. See

https://my.dimdim.com/view/all/2-3-98/default/c1e2d0a6-bdb8-4864-a36c-f3c6127f7660

and 

https://confluence.delhi.edu/display/CIS/2-3-98+Conference,+2010.

Bedework-ing: Jasig Vimeo Videos

The videos alluded to in the June Jasig Newsletter (http://www.jasig.org/jasig-newsletters/june-2010) are now available, in Spanish only, on the Jasig Vimeo site at http://www.vimeo.com/jasig/videos. Juan Cruz Ruiz de Gauna leads a screen cast of the Universidad Pública de Navarra’s Bedework implementation, and there are interviews with our UPNA Bedework-ers Juan Cruz, Carlos Alonso, and Ana Rodríguez Mazquiarán.

Bedework-ing: Calendaring Industry News

CalConnect’s TIMEZONE Technical Committee, chaired by Mike Douglass, has published Timezone Service Protocol and Timezone XML Specification, and the proposals have been submitted to the IETF as Internet Drafts. 

The Timezone Service Protocol defines a timezone service protocol that allows reliable, secure and fast delivery of timezone information to client systems such as calendaring and scheduling applications or operating systems. The Timezone XML Specification describes a format for describing timezone information for software and services. 

See:

http://www.calconnect.org/CD1007%20Timezone%20Service.shtml and

http://ietfreport.isoc.org/idref/draft-douglass-timezone-xml/

Mike is also co-editor of a web services API implementation for Calendaring and Scheduling in response to the NIST Smart Grid Standards Roadmap. This proposal is based on the xCal and is being done in conjunction with the OASIS WS-CALENDAR Technical Committee. It is intended to form the basis of the web services content for WS-CALENDAR.

Bedework-ing: none of the above

We have been speaking with a couple of commercial calendaring client vendors about closer development collaboration. Hopefully we will have a more substantive report in next month’s newsletter.

We paid a visit to Brown University, a Bedework site. We spoke with Steve Carmody, a member of the Bedework Steering Committee and leader of Internet2’s Shibboleth project.  We discussed calendaring use cases around VO’s (virtual organizations), and exploiting calendaring and mobile devices to facilitate university activities associated with commencement, conferences, etc.  We agreed to a pilot project to explore these areas more fully.

Gary Schwartz

================================================================

AROUND JASIG

Jasig to Host New Open Source Community of Practice

“The 2-3-98 Project” to Provide a Forum for Higher Education Managers, Administrators

Delhi, NY--August 12, 2010-- Jasig, the non-profit consortium sponsoring open source, higher education technology projects, today announced the launch of a new community of practice, “The 2-3-98 Project”.

The 2-3-98 Project will provide self-support for college and university administrators, managers, and practitioners wishing to take best advantage of open initiatives, in order to reduce  costs and increase choice.  The project will deploy mailing lists, wiki, white papers, and events to define, assess, and articulate practices promoting success for higher education adopters. 

Jasig announced the new project at SUNY Delhi’s third annual 2-3-98 Conference, an event promoting open source in higher education.  Patrick Masson, Chief Technology Officer at UMassOnline, and former Chief Information Officer at SUNY Delhi, and Ken Udas, UMassOnline CEO, are organizers of the new Jasig project.

“The 2-3-98 Project reflects a growing recognition that openness is becoming part of a broader dialogue within many organizations,” said Udas.  “I believe that Jasig is doing something quite unique and valuable by providing a venue to help explore the relationships between OSS and the organization. It is my feeling that the exploration will lead well beyond the formal information and technology functions and extend beyond software to OER, open access research, and to open governance.”

“Considering that the value of open source software, and even the ideas around openness, remain the subject of much debate, I would hope that the 2-3-98 Project can foster discussion, contribute understanding, and advance technology development and adoption throughout higher education,” said Masson.  “I am very excited to be working with Jasig.  Jasig's years of experience supporting open source projects and the communities that contribute to their development, as well as their focus on higher education, will provide tremendous resources for 2-3-98 and advance an honest dialogue around open initiatives.  Considering the success of Jasig's other projects, I know we have a lot of hard, and fun, work ahead.” 

“By looking together at the risks, rewards, challenges, and methods of implementing open source applications, we hope to create a dialog that will provide insights and practice guidelines to help campuses be successful,” said Jonathan Markow, Jasig Executive Director.  “The 2-3-98 Project is a great fit with Jasig’s values of peer support and collaboration.  We believe that providing a forum and resources for this initiative fills an important, unmet need in the higher education community.”

Jasig has created a mailing list for The 2-3-98 Project.  Visit the Jasig wiki at https://wiki.jasig.org/display/JSG/2-3-98 to subscribe.

================================================================

UPCOMING COMMUNITY EVENTS

2010 EDUCAUSE Annual Conference - Anaheim, California (October 12-15, 2010)

"In the realm of higher education information technology, no other event brings together more powerful, creative minds in the field than the EDUCAUSE Annual Conference…

CONNECT with colleagues and explore solutions to today’s common higher ed IT challenges.

EMPOWER action by uncovering new ways to enhance your campus’s resources and policies.

REVITALIZE and ignite ideas that help you navigate and shape our ever-changing future.

The EDUCAUSE Annual Conference unites the best thinking in higher education IT by bringing together insightful people, innovative research, supportive companies, and useful resources...providing you opportunities to:

* Network with peers who share similar interests and concerns

* Explore 7 tracks, more than 250 sessions, and over 200 exhibitors

* Discover Point/Counterpoint, Lightning Round, In the Hot Seat, and Discussion Sessions

* Refresh & Renew by learning from nearly 500 forward-thinking, inspirational speakers

Whether your focus is on administration, teaching and learning, information technology infrastructure, information systems, cybersecurity, policy, library systems or information technology leadership, there's something at the annual conference for you."

Source: http://www.educause.edu/E2010

================================================================

Fall 2010 Internet2 Member Meeting - Atlanta, Georgia (November 1-4, 2010)

"The Internet2 community will come together from November 1--4, 2010 in Atlanta, Georgia for its annual Fall Member Meeting."

"Internet2 Member Meetings bring the member community together for interactive discussions about new and ongoing work and provide a venue for members to make connections and form new collaborations. Additionally, the side meetings held in conjunction with the Member Meeting provide forums for Working Groups, SIGs and BoFs to meet face-to-face."

http://events.internet2.edu/2010/fall-mm/

Follow us on Twitter: #I2FMM10

================================================================

Kuali Days 2010 - San Diego, California (November 8-10, 2010)

With Kuali projects moving from theory to practice and more institutions adopting Kuali applications, Kuali Days is changing from an internal community event focused on teams of subject matter experts to an event that will engage a wider audience that includes adopters, potential adopters, and end-users. We encourage the Kuali community to join us for the next generation of Kuali Days.

Conference attendees include a variety of people from current and potential member institutions, adopters, and commercial businesses including executive leaders, users, implementation staff and developers from Kuali applications. The tracks featured this year will follow the conference theme of From Theory to Practice.

* Kuali Financial Systems (KFS)

* Kuali Coeus (KC)

* Kuali Student (KS)

* Kuali Rice (Rice)

* Kuali Implementers

* Other Topics

Source: http://kuali.org/kd

Registration: https://www.concentra-cms.com/register/start.action?confId=47

================================================================

================================================================

Jasig Newsletter - August 2010

Editor: Mark Rogers (University of Manitoba)

Online edition at: 

http://www.jasig.org/jasig-newsletters/august-2010

Past editions of the Jasig Newsletter can also be found in the Jasig wiki at: 

https://wiki.jasig.org/display/JSG/Newsletter

================================================================

================================================================