DRAFT
InCommon and Internet2 invite the community to respond to our request for proposal outlined below.
The InCommon Assurance has been exploring implementation challenges associated with expressing Assurance over-the-wire and identified several issues with the Shibboleth Identity Provider version 2.3.8. In addition, Internet2 received an NSTIC grant to develop an approach to scalable privacy, a component of which is supporting Multi-factor authentication across Higher Education. A key deliverable of this award is a Shibboleth Identity Provider login handler to better support multiple authentication mechanisms and interactions between (and among) them.
This document is a Request for Proposal for the development of a Shibboleth Identity Provider plugin to address the technical requirements outlined in Assurance Enhancements for the Shibboleth Identity Provider. A copy of these Enhancements will also be forwarded to the Shibboleth Consortium for inclusion in their feature discussions.
The documentation associated with this Request for Proposal consists of this document and related software requirements linked above and below.
Responses should be submitted electronically to admin@incommon.org by 11:59 pm Pacific Time on May 17, 2013.
April 15, 2013 - Release and distribution of RFP
April 17, 2013 - Community Webinar on RFP
May 17, 2013, 11:59 pm EST - Deadline for submitting proposals
June 1, 2013 - Finalists interviewed, if necessary
June 15, 2013 - Vendor selected
Questions can be sent to admin@incommon.org until May 10. They will be answered in a FAQ on this wiki.
The technical requirements for this RFPare outlined in Assurance Enhancements for the Shibboleth Identity Provider.
Internet2 requires an open development process using the Shibboleth Development list to ensure alignment of finished product. Weekly communications with InCommon staff and/or designated community collaborators during the project. Required documentation includes: Design and Architecture document, Java document, wiki page outlining configuration and logging options.
The delivered software must be open sourced and contributed to the Shibboleth Consortium and Project. \[I would think that I2 would "own" the software upon completion of the work, then I2 could contribute to the Shib Consortium. Either way, it would be licensed for open source; do we want to specify a particular license and copyright notice to be put in the code? - DHW\]
Below are 5 key phases to this development Project with suggested time frames:
Proposals should include the information outlined in this section; our ability to interpret and apply your proposal to these questions will factor into our decisions.
As Internet2 is a community-driven organization, the Review Team will include Internet2 staff and members of the higher-education community. Access to the proposals will be limited to the Internet2 Staff and the Review Team. Internet2 will work with the winning bidder on a shared community announcement and informational website.
Assessment Criteria
A RFP assessment team will review the responses using the following criteria:
Our discression to extend the code acceptance period