InCommon and Internet2 invite the community to respond to our request for proposal outlined below.
The InCommon Assurance Program has been exploring implementation challenges associated with expressing Assurance over-the-wire and identified several issues with the Shibboleth Identity Provider version 2.3.8. In addition, Internet2 received an NSTIC grant to develop an approach to scalable privacy, a component of which is supporting Multi-factor authentication across Higher Education. A key deliverable of this award is a Shibboleth Identity Provider login handler to better support multiple authentication mechanisms and interactions between (and among) them.
This document is a Request for Proposal for the development of a Shibboleth Identity Provider plugin to address the technical requirements outlined in Assurance Enhancements for the Shibboleth Identity Provider. A copy of these Enhancements has also been forwarded to the Shibboleth Consortium for inclusion in their feature discussions.
The documentation associated with this Request for Proposal consists of this document and related software requirements linked above and below.
Responses should be submitted electronically to firstname.lastname@example.org by 11:59 pm US Pacific Time (UTC/GMT -7 hours) on May 31, 2013. To receive updates about this RFP process, subscribe to the ShibRFPInfo list by sending email to sympa AT incommon.org with subscribe ShibRFPInfo@incommon.org in the subject. Questions submitted to InCommon will be added to the FAQ as they are received and answered.
May 1, 2013 - Release and distribution of RFP
May 7, 2013 - Bidder conference at 4:00 pm US EDT (UTC/GMT -4 hours)
May 15, 2013 - Bidder conference at 12:00 pm (Noon) US EDT (UTC/GMT -4 hours) (SLIDES)
May 17, 2013 - Final Date to submit questions to email@example.com. Current questions can be found in the FAQ.
May 31, 2013, 11:59 pm US Pacific Time (UTC/GMT -7 hours) - Deadline for submitting proposals
June 17-21, 2013 - Finalists interviewed, if necessary
June 28, 2013 - Vendor selected
The technical requirements outlined in Assurance Enhancements for the Shibboleth Identity Provider must be met.
Internet2 requires an open development process using the Shibboleth Development list to ensure alignment of finished product. Weekly communications with InCommon staff and/or designated community collaborators during the project.
Required documentation includes: Design and Architecture document, Java document, wiki page outlining configuration and logging options.
The delivered software must contain the following copyright notice: "Copyright (c) 2013 Internet2", and be licensed under the Apache License, Version 2.0 for later contribution to the Shibboleth Consortium.
Below are 5 key phases to this development Project with suggested time frames:
Proposals should include the information outlined in this section; our ability to interpret and apply your proposal to these questions will factor into our decisions.
As Internet2 is a community-driven organization, the Review Team will include Internet2 staff and members of the higher-education community. Access to the proposals will be limited to the Internet2 Staff and the Review Team. Internet2 will work with the winning bidder on a shared community announcement and informational website.
A RFP assessment team will review the responses using the following criteria:
The delivered code will be accepted when the following conditions have been met.