Date: Thu, 28 Mar 2024 23:01:46 +0000 (UTC) Message-ID: <1709278737.7153.1711666906717@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_7152_1660327533.1711666906717" ------=_Part_7152_1660327533.1711666906717 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
Gary Schwartz
Bedework is an open-source, Java-based, standards-compliant, enterprise = calendar system designed to primarily serve higher education. Bedework has = a centralized server architecture and web-based clients, and can be accesse= d from CalDAV clients such as Apple's ical and iPhone, Mozilla's Lightning,= and the ZideOne plug-in for Outlook.
The main Bedework components include public calendar suites & data f= eeds, web-based clients for administration, event submission, and personal = calendaring, and servers for CalDAV, CardDAV, and Timezones.
Anthropomorphically speaking, Bedework strives to be the leading Java-ba= sed, interoperable calendaring system in higher ed, and looks to transform = itself, hopefully without any human intervention whatsoever, into an = events-driven, SOA/WS system, providing the infrastructure for "calendaring= as a platform" - the "World Wide Calendar".
Java, Struts, Hibernate, Ehcache, iCal4j, Lucene, jQuery, Xalan-Java, Ap= ache Commons.
Bedework is implemented as fully standard (JSR 154) collection of servle= ts, and as such relies on the container for authentication.
Managed Information |
Consume? |
Produce? |
Broker/Convey? |
---|---|---|---|
Privileges |
|
X |
|
Roles |
|
|
|
Groups |
X |
|
|
Attributes |
X |
|
|
Identification |
X |
|
|
Defined Interfaces |
Consume? |
Produce? |
Broker/Convey? |
Authentication |
X |
|
|
Attributes |
X |
|
|
Permissions |
|
X |
|
Provisioning |
|
|
|
Authorization |
|
X |
|
Subjects |
|
|
|
Other |
Consume? |
Produce? |
Broker/Convey? |
Bedework implements interfaces which provide basic LDAP support to obtai= n principal group information and principal attributes.
Shibbolized instances of Bedework have been deployed, but there are comp= atibility issues with CalDAV and Shibboleth.
Authorization within the Bedework services is based on DAV access contro= l using ACLs. This is proving to be complex for users, and inadequate in th= at the assignment of roles to a principal needs to affect multiple services= , e.g. CalDAV and CardDAV.
Shibboleth implements the Web Browser Single-Sign On profile of SAML, wh= ich requires a full web-browser to run. Virtually no *-DAV clients are full= web browsers. We need something else to base federated identity authorizat= ion for *-DAV (CalDAV, CardDAV, WebDAV, etc).