...
A visio of the above is available, in case you'd like to play!
Next steps
~cantor.2@osu.edu will draft initial specs for IdP enhancements needed to (1) support ECP and (2) add support for expressing policy that constrains delegation of proxy tokens.
~cantor.2@osu.edu will draft initial specs for the overall flow (of which the above is an inaccurate but indicative form).
~battags will review the above draft spec to ascertain degree of harmony with the existing CAS proxy flows.
~cantor.2@osu.edu will enhance the shibboleth SP to provide suitable logging of and policy control over acceptance of proxy tokens.
~edalquist@wisc.edu will draft initial specs for the work needed to complete the servlet filter mentioned above, as well as recommendations for using the PersonDirectory and PAGS for storing SAML attributes and mapping the user to uPortal groups.
~awp9 will review the various draft specs to ensure that together they produce a viable solution.
unknown will develop specs for a library (or whatever) to enable portlets to implement the ECP profile.
~tbarton@uchicago.edu will identify or provide a space in which to continue collaborative work on this topic, and will coordinate with appropriate Internet2, Unicon, U Chicago, and other people to keep this effort on track.
~tbarton@uchicago.edu will ensure that a portion of Unicon's engagement with U Chicago's uPortal deployment is assigned to this development activity.
~tbarton@uchicago.edu will ensure that JISC is brought in to learn of any interest they may have in this effort.