Issues at 2005-07-19

• It has been clarified by Alex Valentine of the LionShare team that we will need to install the SASL-CA server which the LionShare team have developed. This means that all institutions that run LionShare will need to install an SASL-CS server.
• The SASL-CA server gives SSL nework certificates to the LS client and seems to link up with the institutions netwoek security protocol (in Oxfords case Kerberos). It is convinient for us that Penn State already use Kerberos themselves and so our impression is that the exisiting version of the SASL-CA server may work ok with our infrasructure?
• The SASL-CA server may be adjustable to work with Shibboleth in the future? (see  http://lionshare.its.psu.edu/cgi-bin/twiki/view/Developers/SASLOverview) This may be a question for  MATU This brigs up the question of if it will be better to adjust the authourisation system in LionShare to fit UK systems better. In the mean time we need to mirror the Penn State infrastructre to gain expirience and to flush out issues.
• We are going to try and compile the SASL-CA code from Penn State and get the server running.

• It is still not clear what a minimum set-up would be. I will try to track this down by mailing Alex Valentine on the LionShare team. Would an SASL-CA server be enogh to get up and running at Oxford?
• Would we need a test LDAP server such as openLDAP?
• What is the 'shib style' authentication authority mentioned in this  doc