Posted to dev@cxf.apache.org by Oliver Wulff <ow...@talend.com> on 2012/10/04 21:59:46 UTC

Updated Fediz roadmap

Hi all

What do you think about the following roadmap?

Release 1.0.2   (include CXF STS 2.6.3)

FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
FEDIZ-18    Make supported claims configurable in FileClaimsHandler
FEDIZ-25    Look for fediz_config.xml in catalina base too
FEDIZ-20    Maintain authentication state (Prevents using the same Fediz IDP for different RPs)
FEDIZ-27    Signout in RP (only support processing signout requests, don't support redirect signout to IDP)
FEDIZ-28    Logout capability in IDP


Release 1.1 (planned release end of year)
---------------

FEDIZ-5
Support Jetty container (will support then TESB with WAR deployment)

FEDIZ-9 CXF Plugin
- add jaxrs interceptor which adapts fediz-core to support WS-Federation for JAX-RS
- add FederationFilter, SecurityTokenThreadLocal, ThreadLocalCallbackHandler from examples

FEDIZ-2    Support encrypted tokens
    Initial redesign of IDP...
    custom functionality can be plugged in as ServletFilters (small state machine in IDP)
    configuration design (configs per wtrealm, url to metadata or everything local, not all information can be retrieved from metadata document)

FEDIZ-23    Support different authentication mechanisms

FEDIZ-15    Support that IDP publishes Metadata document (which covers SAML-P as well)

FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml, configure the metadata url

FEDIZ-19    IDP must provide a webpage where the user can click logout (login if requested explicitly)
All signed in apps must be cached
After signout click, IDP returns html page which downloads a resource from each RP

    Support for wfresh (reauthenticate)
    Pseudonym Service support


Release 1.2 (planned release Q1 of 2013)
---------------

FEDIZ-3    "Support RP-IDP/STS
add basic home realm discovery service (whr provided by RP), default RP and maybe dependent on source ip, http header, query parameter (expression language)"

FEDIZ-4    Support for HOK

FEDIZ-7    Support for SAML-P


Looking forward to your feedback and ideas, and, as always, patches are welcome ;-)

Thanks
Oli




------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

RE: Updated Fediz roadmap

Posted by Oliver Wulff <ow...@talend.com>.
Completely agreed, I also don't want to create so many branches. There is a complete refactoring of the idp for 1.1. Therefore, I'd like to create a new branch for this. Maybe a good idea to split the plugins later but let's see what comes after 1.1 is out.

Thanks
Oli

------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Glen Mazza [glen.mazza@gmail.com]
Sent: 22 October 2012 14:51
To: dev@cxf.apache.org
Subject: Re: Updated Fediz roadmap

Up to you, as far as I'm concerned, but two new branches one quarter
separated from each other seems like it would be adding a lot of additional
(busy)work -- CXF itself does not move to a new branch with that kind of
frequency.  If what you're planning for Release 1.2 can be added to Release
1.1 in a backwards-compatible fashion (it seems like it, as it's just new
functionality), you might wish to remain with just 1.0.x and 1.1 branches.

Assuming the number of containers that Fediz will support will grow, I
wonder if it might be more advantageous to split them out into a separate
product, potentially compatible with all versions of Fediz, so you won't
need to maintain the plugins on multiple branches.  Probably too early to
think about now, but potentially food for thought later on.

Glen


Oliver Wulff-2 wrote
> Hi all
>
> What do you think about the following roadmap?
>
> Release 1.0.2   (include CXF STS 2.6.3)
>
> FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> FEDIZ-25    Look for fediz_config.xml in catalina base too
> FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> IDP for different RPs)
> FEDIZ-27    Signout in RP (only support processing signout requests, don't
> support redirect signout to IDP)
> FEDIZ-28    Logout capability in IDP
>
>
> Release 1.1 (planned release end of year)
> ---------------
>
> FEDIZ-5
> Support Jetty container (will support then TESB with WAR deployment)
>
> FEDIZ-9 CXF Plugin
> - add jaxrs interceptor which adapts fediz-core to support WS-Federation
> for JAX-RS
> - add FederationFilter, SecurityTokenThreadLocal,
> ThreadLocalCallbackHandler from examples
>
> FEDIZ-2    Support encrypted tokens
>     Initial redesign of IDP...
>     custom functionality can be plugged in as ServletFilters (small state
> machine in IDP)
>     configuration design (configs per wtrealm, url to metadata or everything
> local, not all information can be retrieved from metadata document)
>
> FEDIZ-23    Support different authentication mechanisms
>
> FEDIZ-15    Support that IDP publishes Metadata document (which covers
> SAML-P as well)
>
> FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml,
> configure the metadata url
>
> FEDIZ-19    IDP must provide a webpage where the user can click logout
> (login if requested explicitly)
> All signed in apps must be cached
> After signout click, IDP returns html page which downloads a resource from
> each RP
>
>     Support for wfresh (reauthenticate)
>     Pseudonym Service support
>
>
> Release 1.2 (planned release Q1 of 2013)
> ---------------
>
> FEDIZ-3    "Support RP-IDP/STS
> add basic home realm discovery service (whr provided by RP), default RP
> and maybe dependent on source ip, http header, query parameter (expression
> language)"
>
> FEDIZ-4    Support for HOK
>
> FEDIZ-7    Support for SAML-P
>
>
> Looking forward to your feedback and ideas, and, as always, patches are
> welcome ;-)
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division
> http://www.talend.com





--
View this message in context: http://cxf.547215.n5.nabble.com/Updated-Fediz-roadmap-tp5715685p5717154.html
Sent from the cxf-dev mailing list archive at Nabble.com.

Re: Updated Fediz roadmap

Posted by Glen Mazza <gl...@gmail.com>.
Up to you, as far as I'm concerned, but two new branches one quarter
separated from each other seems like it would be adding a lot of additional
(busy)work -- CXF itself does not move to a new branch with that kind of
frequency.  If what you're planning for Release 1.2 can be added to Release
1.1 in a backwards-compatible fashion (it seems like it, as it's just new
functionality), you might wish to remain with just 1.0.x and 1.1 branches.

Assuming the number of containers that Fediz will support will grow, I
wonder if it might be more advantageous to split them out into a separate
product, potentially compatible with all versions of Fediz, so you won't
need to maintain the plugins on multiple branches.  Probably too early to
think about now, but potentially food for thought later on.

Glen


Oliver Wulff-2 wrote
> Hi all
> 
> What do you think about the following roadmap?
> 
> Release 1.0.2   (include CXF STS 2.6.3)
> 
> FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> FEDIZ-25    Look for fediz_config.xml in catalina base too
> FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> IDP for different RPs)
> FEDIZ-27    Signout in RP (only support processing signout requests, don't
> support redirect signout to IDP)
> FEDIZ-28    Logout capability in IDP
> 
> 
> Release 1.1 (planned release end of year)
> ---------------
> 
> FEDIZ-5
> Support Jetty container (will support then TESB with WAR deployment)
> 
> FEDIZ-9 CXF Plugin
> - add jaxrs interceptor which adapts fediz-core to support WS-Federation
> for JAX-RS
> - add FederationFilter, SecurityTokenThreadLocal,
> ThreadLocalCallbackHandler from examples
> 
> FEDIZ-2    Support encrypted tokens
>     Initial redesign of IDP...
>     custom functionality can be plugged in as ServletFilters (small state
> machine in IDP)
>     configuration design (configs per wtrealm, url to metadata or everything
> local, not all information can be retrieved from metadata document)
> 
> FEDIZ-23    Support different authentication mechanisms
> 
> FEDIZ-15    Support that IDP publishes Metadata document (which covers
> SAML-P as well)
> 
> FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml,
> configure the metadata url
> 
> FEDIZ-19    IDP must provide a webpage where the user can click logout
> (login if requested explicitly)
> All signed in apps must be cached
> After signout click, IDP returns html page which downloads a resource from
> each RP
> 
>     Support for wfresh (reauthenticate)
>     Pseudonym Service support
> 
> 
> Release 1.2 (planned release Q1 of 2013)
> ---------------
> 
> FEDIZ-3    "Support RP-IDP/STS
> add basic home realm discovery service (whr provided by RP), default RP
> and maybe dependent on source ip, http header, query parameter (expression
> language)"
> 
> FEDIZ-4    Support for HOK
> 
> FEDIZ-7    Support for SAML-P
> 
> 
> Looking forward to your feedback and ideas, and, as always, patches are
> welcome ;-)
> 
> Thanks
> Oli
> 
> 
> 
> 
> ------
> 
> Oliver Wulff
> 
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
> 
> Talend Application Integration Division
> http://www.talend.com






Re: Updated Fediz roadmap

Posted by 杨华杰 <yh...@gmail.com>.
Hi  Oli

I have read this a lot of times. But I still cannot understand why I should
generate so many certs and what the purpose of each cert is.


Regards,
Hua Jie

On Fri, Oct 19, 2012 at 7:11 PM, Oliver Wulff <ow...@talend.com> wrote:

> Hi Hua Jie
>
> The certificates are used for different purposes. On the one hand, there
> are web server certificates for https (idp, application) and on the other
> hand the signer certificate for the SAML token.
>
> Glen did a great job in giving the background where which certificate is
> used:
>
> http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co
>
> Oli
>
> ________________________________________
> From: 杨华杰 [yhjhoo@gmail.com]
> Sent: 19 October 2012 03:31
> To: dev@cxf.apache.org
> Subject: Re: Updated Fediz roadmap
>
> Hi Oliver
>
> I made Fediz work a long time ago. But I still cannot figure out
> why I need to generate so many SSL certs. How do you explain this when
> you are facing people like me? Any document improvement release?
>
>
>
> Regards,
> Hua Jie
>
> On Fri, Oct 19, 2012 at 2:02 AM, Oliver Wulff <ow...@talend.com> wrote:
>
> > Hi all
> >
> > The following issues were fixed:
> > FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> > FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> > FEDIZ-25    Look for fediz_config.xml in catalina base too
> > FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> > IDP for different RPs)
> > FEDIZ-28    Logout capability in IDP
> >
> > I'd like to prepare the release for 1.0.2 which is a significant
> > improvement especially of the idp/sts.
> >
> > Then, I'd create a fixes branch for 1.0 and move trunk to 1.1.
> >
> > Thoughts?
> >
> >
> >
> > ------
> >
> > Oliver Wulff
> >
> > Blog: http://owulff.blogspot.com
> > Solution Architect
> > http://coders.talend.com
> >
> > Talend Application Integration Division http://www.talend.com
> >
> > ________________________________________
> > From: Oliver Wulff [owulff@talend.com]
> > Sent: 04 October 2012 21:59
> > To: dev@cxf.apache.org
> > Subject: Updated Fediz roadmap
> >
> > Hi all
> >
> > What do you think about the following roadmap?
> >
> > Release 1.0.2   (include CXF STS 2.6.3)
> >
> > FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> > FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> > FEDIZ-25    Look for fediz_config.xml in catalina base too
> > FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> > IDP for different RPs)
> > FEDIZ-27    Signout in RP (only support processing signout requests,
> don't
> > support redirect signout to IDP)
> > FEDIZ-28    Logout capability in IDP
> >
> >
> > Release 1.1 (planned release end of year)
> > ---------------
> >
> > FEDIZ-5
> > Support Jetty container (will support then TESB with WAR deployment)
> >
> > FEDIZ-9 CXF Plugin
> > - add jaxrs interceptor which adapts fediz-core to support WS-Federation
> > for JAX-RS
> > - add FederationFilter, SecurityTokenThreadLocal,
> > ThreadLocalCallbackHandler from examples
> >
> > FEDIZ-2    Support encrypted tokens
> >     Initial redesign of IDP...
> >     custom functionality can be plugged in as ServletFilters (small state
> > machine in IDP)
> >     configuration design (configs per wtrealm, url to metadata or everything
> > local, not all information can be retrieved from metadata document)
> >
> > FEDIZ-23    Support different authentication mechanisms
> >
> > FEDIZ-15    Support that IDP publishes Metadata document (which covers
> > SAML-P as well)
> >
> > FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml,
> > configure the metadata url
> >
> > FEDIZ-19    IDP must provide a webpage where the user can click logout
> > (login if requested explicitly)
> > All signed in apps must be cached
> > After signout click, IDP returns html page which downloads a resource
> from
> > each RP
> >
> >     Support for wfresh (reauthenticate)
> >     Pseudonym Service support
> >
> >
> > Release 1.2 (planned release Q1 of 2013)
> > ---------------
> >
> > FEDIZ-3    "Support RP-IDP/STS
> > add basic home realm discovery service (whr provided by RP), default RP
> > and maybe dependent on source ip, http header, query parameter
> (expression
> > language)"
> >
> > FEDIZ-4    Support for HOK
> >
> > FEDIZ-7    Support for SAML-P
> >
> >
> > Looking forward to your feedback and ideas, and, as always, patches are
> > welcome ;-)
> >
> > Thanks
> > Oli
> >
> >
> >
> >
> > ------
> >
> > Oliver Wulff
> >
> > Blog: http://owulff.blogspot.com
> > Solution Architect
> > http://coders.talend.com
> >
> > Talend Application Integration Division
> > http://www.talend.com
> >
>

RE: Updated Fediz roadmap

Posted by Oliver Wulff <ow...@talend.com>.
Hi Hua Jie

The certificates are used for different purposes. On the one hand, there are web server certificates for https (idp, application) and on the other hand the signer certificate for the SAML token.

Glen did a great job in giving the background where which certificate is used:
http://svn.apache.org/viewvc/cxf/fediz/trunk/examples/samplekeys/HowToGenerateKeysREADME.html?view=co

Oli

________________________________________
From: 杨华杰 [yhjhoo@gmail.com]
Sent: 19 October 2012 03:31
To: dev@cxf.apache.org
Subject: Re: Updated Fediz roadmap

Hi Oliver

I made Fediz work a long time ago. But I still cannot figure out
why I need to generate so many SSL certs. How do you explain this when
you are facing people like me? Any document improvement release?



Regards,
Hua Jie

On Fri, Oct 19, 2012 at 2:02 AM, Oliver Wulff <ow...@talend.com> wrote:

> Hi all
>
> The following issues were fixed:
> FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> FEDIZ-25    Look for fediz_config.xml in catalina base too
> FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> IDP for different RPs)
> FEDIZ-28    Logout capability in IDP
>
> I'd like to prepare the release for 1.0.2 which is a significant
> improvement especially of the idp/sts.
>
> Then, I'd create a fixes branch for 1.0 and move trunk to 1.1.
>
> Thoughts?
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: Oliver Wulff [owulff@talend.com]
> Sent: 04 October 2012 21:59
> To: dev@cxf.apache.org
> Subject: Updated Fediz roadmap
>
> Hi all
>
> What do you think about the following roadmap?
>
> Release 1.0.2   (include CXF STS 2.6.3)
>
> FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> FEDIZ-25    Look for fediz_config.xml in catalina base too
> FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> IDP for different RPs)
> FEDIZ-27    Signout in RP (only support processing signout requests, don't
> support redirect signout to IDP)
> FEDIZ-28    Logout capability in IDP
>
>
> Release 1.1 (planned release end of year)
> ---------------
>
> FEDIZ-5
> Support Jetty container (will support then TESB with WAR deployment)
>
> FEDIZ-9 CXF Plugin
> - add jaxrs interceptor which adapts fediz-core to support WS-Federation
> for JAX-RS
> - add FederationFilter, SecurityTokenThreadLocal,
> ThreadLocalCallbackHandler from examples
>
> FEDIZ-2    Support encrypted tokens
>     Initial redesign of IDP...
>     custom functionality can be plugged in as ServletFilters (small state
> machine in IDP)
>     configuration design (configs per wtrealm, url to metadata or everything
> local, not all information can be retrieved from metadata document)
>
> FEDIZ-23    Support different authentication mechanisms
>
> FEDIZ-15    Support that IDP publishes Metadata document (which covers
> SAML-P as well)
>
> FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml,
> configure the metadata url
>
> FEDIZ-19    IDP must provide a webpage where the user can click logout
> (login if requested explicitly)
> All signed in apps must be cached
> After signout click, IDP returns html page which downloads a resource from
> each RP
>
>     Support for wfresh (reauthenticate)
>     Pseudonym Service support
>
>
> Release 1.2 (planned release Q1 of 2013)
> ---------------
>
> FEDIZ-3    "Support RP-IDP/STS
> add basic home realm discovery service (whr provided by RP), default RP
> and maybe dependent on source ip, http header, query parameter (expression
> language)"
>
> FEDIZ-4    Support for HOK
>
> FEDIZ-7    Support for SAML-P
>
>
> Looking forward to your feedback and ideas, and, as always, patches are
> welcome ;-)
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division
> http://www.talend.com
>
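As an added illustration of the two certificate roles Oli distinguishes above (https server certificates for the IDP and the application versus the signer certificate for the SAML token), here is a small Go program. It is not Fediz code and not from the thread; every name in it (NewSelfSigned, SignToken, VerifyToken, RunScenario, the hostnames and the token body) is constructed for this example. Go's standard library is used because it can create X.509 certificates with no extra dependencies, and an RSA signature over SHA-256 stands in for the XML-Signature of a real SAML assertion. The point it shows is why the roles must not be mixed: the relying party's token trust list holds only the STS signer certificate, so a token signed with the IDP's perfectly valid TLS key is still rejected.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity bundles a private key with its self-signed certificate.
// Instances stand in for the roles named in the thread: the IDP's https
// certificate and the STS token-signer certificate (the application's https
// certificate plays the same role as the IDP's and is omitted for brevity).
type Identity struct {
	Key  *rsa.PrivateKey
	Cert *x509.Certificate
}

// NewSelfSigned builds a self-signed certificate for one role. This is
// constructed test material; a deployment would use CA-issued certificates.
// serverAuth=true marks a TLS server certificate, false a pure signing cert.
func NewSelfSigned(cn string, serverAuth bool) (*Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 63))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
	}
	if serverAuth {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{cn}
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// SignToken is the STS side: sign the serialized token with the signer key.
func SignToken(signer *Identity, token []byte) ([]byte, error) {
	digest := sha256.Sum256(token)
	return rsa.SignPKCS1v15(rand.Reader, signer.Key, crypto.SHA256, digest[:])
}

// VerifyToken is the RP side: the token is accepted only if its signature
// verifies under a certificate in the RP's token-signer trust list. The https
// certificates are deliberately not in that list, so a signature made with a
// TLS key is rejected even though the certificate itself is valid.
func VerifyToken(token, sig []byte, trustedSigners []*x509.Certificate) error {
	digest := sha256.Sum256(token)
	for _, c := range trustedSigners {
		pub, ok := c.PublicKey.(*rsa.PublicKey)
		if !ok {
			continue
		}
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil {
			return nil
		}
	}
	return errors.New("token signature does not verify under any trusted signer certificate")
}

// RunScenario creates both identities, signs a constructed token once with the
// STS signer and once (wrongly) with the IDP's TLS key, and reports which one
// the RP accepts. Returns (signerAccepted, tlsAccepted, err).
func RunScenario() (bool, bool, error) {
	idpTLS, err := NewSelfSigned("idp.example.test", true)
	if err != nil {
		return false, false, err
	}
	stsSigner, err := NewSelfSigned("sts-token-signer", false)
	if err != nil {
		return false, false, err
	}
	// Constructed stand-in for a SAML assertion body.
	token := []byte(`<saml:Assertion ID="constructed-1">subject=alice;wtrealm=app.example.test</saml:Assertion>`)
	rpTrust := []*x509.Certificate{stsSigner.Cert} // the RP trusts only the STS signer

	goodSig, err := SignToken(stsSigner, token)
	if err != nil {
		return false, false, err
	}
	badSig, err := SignToken(idpTLS, token)
	if err != nil {
		return false, false, err
	}
	return VerifyToken(token, goodSig, rpTrust) == nil, VerifyToken(token, badSig, rpTrust) == nil, nil
}

func main() {
	signerOK, tlsOK, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("token signed by STS signer cert accepted: %v\n", signerOK)
	fmt.Printf("token signed by IDP TLS cert accepted:    %v\n", tlsOK)
}
```

The same separation is what the sample keys README linked above sets up: the https keystores protect the transport to the IDP and the application, while the RP's fediz configuration names only the STS signer as trusted issuer for tokens.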

Re: Updated Fediz roadmap

Posted by 杨华杰 <yh...@gmail.com>.
Hi Oliver

I made Fediz work a long time ago. But I still cannot figure out
why I need to generate so many SSL certs. How do you explain this when
you are facing people like me? Any document improvement release?



Regards,
Hua Jie

On Fri, Oct 19, 2012 at 2:02 AM, Oliver Wulff <ow...@talend.com> wrote:

> Hi all
>
> The following issues were fixed:
> FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> FEDIZ-25    Look for fediz_config.xml in catalina base too
> FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> IDP for different RPs)
> FEDIZ-28    Logout capability in IDP
>
> I'd like to prepare the release for 1.0.2 which is a significant
> improvement especially of the idp/sts.
>
> Then, I'd create a fixes branch for 1.0 and move trunk to 1.1.
>
> Thoughts?
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division http://www.talend.com
>
> ________________________________________
> From: Oliver Wulff [owulff@talend.com]
> Sent: 04 October 2012 21:59
> To: dev@cxf.apache.org
> Subject: Updated Fediz roadmap
>
> Hi all
>
> What do you think about the following roadmap?
>
> Release 1.0.2   (include CXF STS 2.6.3)
>
> FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
> FEDIZ-18    Make supported claims configurable in FileClaimsHandler
> FEDIZ-25    Look for fediz_config.xml in catalina base too
> FEDIZ-20    Maintain authentication state (Prevents using the same Fediz
> IDP for different RPs)
> FEDIZ-27    Signout in RP (only support processing signout requests, don't
> support redirect signout to IDP)
> FEDIZ-28    Logout capability in IDP
>
>
> Release 1.1 (planned release end of year)
> ---------------
>
> FEDIZ-5
> Support Jetty container (will support then TESB with WAR deployment)
>
> FEDIZ-9 CXF Plugin
> - add jaxrs interceptor which adapts fediz-core to support WS-Federation
> for JAX-RS
> - add FederationFilter, SecurityTokenThreadLocal,
> ThreadLocalCallbackHandler from examples
>
> FEDIZ-2    Support encrypted tokens
>     Initial redesign of IDP...
>     custom functionality can be plugged in as ServletFilters (small state
> machine in IDP)
>     configuration design (configs per wtrealm, url to metadata or everything
> local, not all information can be retrieved from metadata document)
>
> FEDIZ-23    Support different authentication mechanisms
>
> FEDIZ-15    Support that IDP publishes Metadata document (which covers
> SAML-P as well)
>
> FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml,
> configure the metadata url
>
> FEDIZ-19    IDP must provide a webpage where the user can click logout
> (login if requested explicitly)
> All signed in apps must be cached
> After signout click, IDP returns html page which downloads a resource from
> each RP
>
>     Support for wfresh (reauthenticate)
>     Pseudonym Service support
>
>
> Release 1.2 (planned release Q1 of 2013)
> ---------------
>
> FEDIZ-3    "Support RP-IDP/STS
> add basic home realm discovery service (whr provided by RP), default RP
> and maybe dependent on source ip, http header, query parameter (expression
> language)"
>
> FEDIZ-4    Support for HOK
>
> FEDIZ-7    Support for SAML-P
>
>
> Looking forward to your feedback and ideas, and, as always, patches are
> welcome ;-)
>
> Thanks
> Oli
>
>
>
>
> ------
>
> Oliver Wulff
>
> Blog: http://owulff.blogspot.com
> Solution Architect
> http://coders.talend.com
>
> Talend Application Integration Division
> http://www.talend.com
>

RE: Updated Fediz roadmap

Posted by Oliver Wulff <ow...@talend.com>.
Hi all

The following issues were fixed:
FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
FEDIZ-18    Make supported claims configurable in FileClaimsHandler
FEDIZ-25    Look for fediz_config.xml in catalina base too
FEDIZ-20    Maintain authentication state (Prevents using the same Fediz IDP for different RPs)
FEDIZ-28    Logout capability in IDP

I'd like to prepare the release for 1.0.2 which is a significant improvement especially of the idp/sts.

Then, I'd create a fixes branch for 1.0 and move trunk to 1.1.

Thoughts?



------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com

________________________________________
From: Oliver Wulff [owulff@talend.com]
Sent: 04 October 2012 21:59
To: dev@cxf.apache.org
Subject: Updated Fediz roadmap

Hi all

What do you think about the following roadmap?

Release 1.0.2   (include CXF STS 2.6.3)

FEDIZ-17    Current Fediz STS exposes SOAP 1.1 end point
FEDIZ-18    Make supported claims configurable in FileClaimsHandler
FEDIZ-25    Look for fediz_config.xml in catalina base too
FEDIZ-20    Maintain authentication state (Prevents using the same Fediz IDP for different RPs)
FEDIZ-27    Signout in RP (only support processing signout requests, don't support redirect signout to IDP)
FEDIZ-28    Logout capability in IDP


Release 1.1 (planned release end of year)
---------------

FEDIZ-5
Support Jetty container (will support then TESB with WAR deployment)

FEDIZ-9 CXF Plugin
- add jaxrs interceptor which adapts fediz-core to support WS-Federation for JAX-RS
- add FederationFilter, SecurityTokenThreadLocal, ThreadLocalCallbackHandler from examples

FEDIZ-2    Support encrypted tokens
    Initial redesign of IDP...
    custom functionality can be plugged in as ServletFilters (small state machine in IDP)
    configuration design (configs per wtrealm, url to metadata or everything local, not all information can be retrieved from metadata document)

FEDIZ-23    Support different authentication mechanisms

FEDIZ-15    Support that IDP publishes Metadata document (which covers SAML-P as well)

FEDIZ-16    Instead of configuring required claims per wtrealm in RPClaims.xml, configure the metadata url

FEDIZ-19    IDP must provide a webpage where the user can click logout (login if requested explicitly)
All signed in apps must be cached
After signout click, IDP returns html page which downloads a resource from each RP

    Support for wfresh (reauthenticate)
    Pseudonym Service support


Release 1.2 (planned release Q1 of 2013)
---------------

FEDIZ-3    "Support RP-IDP/STS
add basic home realm discovery service (whr provided by RP), default RP and maybe dependent on source ip, http header, query parameter (expression language)"

FEDIZ-4    Support for HOK

FEDIZ-7    Support for SAML-P


Looking forward to your feedback and ideas, and, as always, patches are welcome ;-)

Thanks
Oli




------

Oliver Wulff

Blog: http://owulff.blogspot.com
Solution Architect
http://coders.talend.com

Talend Application Integration Division http://www.talend.com