{5} Accepted, Active Tickets by Owner (Full Description) (39 matches)

List tickets accepted, group by ticket owner. This report demonstrates the use of full-row display.

dale (1 match)

Ticket Summary Component Milestone Type Created
Description
#721 get an external open source developer review of the Bandit web site CommunityBuilding Sprint 11/1 task 07/25/08

dbuss (6 matches)

Ticket Summary Component Milestone Type Created
Description
#278 Python RP should properly handle expected claims with attached attributes RP: python Future defect 12/17/07

such as verified by (waiting on OSIS/Microsoft definition)


#280 RP should be reviewed for potential injection attacks RP: trac Future defect 12/17/07

Review code for sql, ldap, html injection attacks.

Idle musing: What if there were specific cleaning functions which could be enabled via the options interface to data scrubbing? Then I don't force it, and I could allow others to add cleansing functions without changing the core.


#281 Python RP should handle special chars in claim values RP: python Future defect 12/17/07

Handles claim values containing special characters such as <, >, /, \, ", ', `, ?, #, and space


#287 Python RP should verify that no namespaces are used which are not part of the inclusive namespaces element RP: python Future defect 12/17/07

Token using namespace not in InclusiveNamespaces list should result in an error


#288 TRAC RP should have better identity selector and browser add on support RP: trac Future defect 12/17/07

RP should degrade gracefully or provide instructions on how to install a selector addon


#282 Python RP should be enhanced to support saml 2.0 tokens RP: python Future enhancement 12/17/07

dsanders (19 matches)

Ticket Summary Component Milestone Type Created
Description
#354 Create a managed card backed by a Kerberos ticket and save to .crd file format Open IdP: User Future enhancement 01/22/08

#356 Make sure supporting secure SOAP bindings Open IdP Future enhancement 01/22/08

This includes the following:

  1. Support for transport security to secure the transaction on the channel as per ISIP Guide § 5.1.1.1 and WS-SecurityPolicy 1.2 § 8.3
  2. Support for message security, specifically a symmetric binding to secure the transaction on the channel as per ISIP Guide § 5.1.1.2 and WS-SecurityPolicy 1.2 § 8.4
  3. Support for message security, specifically an asymmetric binding to secure the transaction on the channel as per WS-SecurityPolicy 1.2 § 8.5
  4. Support for RP which uses SOAP 1.1
  5. Support for RP which uses SOAP 1.2

#357 Make sure supporting appropriate WS-Trust and WS-Security specs Open IdP Future enhancement 01/22/08

This includes the following:

  1. Support for RP which uses WS-Trust 1.2 and WS-SecurityPolicy 1.1 as per ISIP and ISIP Guide
  2. Support for RP which uses WS-Trust 1.3 and WS-SecurityPolicy 1.2 as per http://blogs.msdn.com/card/archive/2007/11/22/cardspace-support-for-oasis-ws-sx-standards.aspx

#358 Support for all required SAML token types Open IdP 1.0M6 enhancement 01/22/08

This includes the following:

  1. Requested with "urn:oasis:names:tc:SAML:1.0:assertion".
  2. Returns a SAML 1.1 token when the RP supplies a token type of "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1". Note that SAML 1.0 and SAML 1.1 tokens have the same syntax.
  3. Returns a SAML 2.0 token when RP supplies a token type of "urn:oasis:names:tc:SAML:2.0:assertion".
  4. Recognizes equivalence of the multiple URIs for SAML 1.0/1.1 tokens: "urn:oasis:names:tc:SAML:1.0:assertion" and "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"

#360 Ability to Refuse to Serve No-SSL Relying Parties Open IdP Future enhancement 01/22/08

#361 Return SOAP faults on error conditions Open IdP Future enhancement 01/22/08

Specifically, the following error conditions should be handled and return the specified SOAP faults:

  1. When the IdP cannot use the proof key specified in the request, an "InvalidProofKey" SOAP Fault should be returned as per ISIP § 6.2
  2. When the card reference used in an Identity Provider transaction is unrecognized or otherwise deemed incorrect by the Identity Provider, an "UnknownInformationCardReference" SOAP Fault is returned as per ISIP § 6.2
  3. When the IdP is unable to publish claim values for all required claims, it may return an "Unable to Satisfy Claims" SOAP Fault as per ISIP § 6.2
  4. When a user selects a card with an old card version, the Identity Provider should return an "InformationCardRefreshRequired" SOAP Fault

#464 Need a "Sample Data" one-click context install Open IdP: Admin Future enhancement 03/20/08

It would be good to have a choice on installation to get the server set up with a good working "sample" solution -- card template, test ldap server, claim types, and jndi context provider. That way admins can make sure the service is up and running and successfully distributing/validating cards before they try to do anything fancy.


#221 Expire Cards On Account Open IdP: Admin Future task 08/28/07

Cards associated with an account must be expirable. This means we must keep track of an expiration date, among other things, for cards that are associated to accounts.


#222 Track Association Date, Last Usage For Each Card, Other Info Open IdP: Admin/User Future task 08/28/07

Keep track of the association date, last usage time, and other administrative information for information cards that have been associated with user accounts. The user and administrator should have a screen that allows them to see the information.


#223 Delete Info Card/Account Association Open IdP: Admin/User Future task 08/28/07

Administrators and users should be allowed to delete an information card/account association


#224 JScript for Create Digital Subject (To auto add extra params like ACL, CN, UID, Language, etc.) Open IdP: Admin Future task 08/28/07

The configuration for the IdAS JNDI context provider needs to allow an administrator to define a script that is executed when a digital subject is created. This would allow the context provider to automatically populate attributes that the user doesn't know about, but that still need to be populated - like ACL, CN, UID, etc.

NOTE: This is mostly IdAS work, with a few minor changes to the IdP code to generate the script that we want to use.


#225 Other "Update" JScripts? Open IdP: Admin Future task 08/28/07

Are there other jspolicy scripts that the JNDI context provider needs to allow an administrator to configure?


#227 Internationalization Open IdP: Admin/User Future task 08/28/07

First: Change the application so that all messages can be translated - start using message IDs, etc.

Second: Create all English text.

Third: Other languages


#228 Icons, Buttons, Look & Feel - More Professional Open IdP: Admin/User Future task 08/28/07

Overhaul the look and feel - buttons, images, background images, etc. - so the whole thing - both user and admin experience looks more smooth and professional.


#230 View RPs visited and security tokens issued Open IdP: User Future task 08/30/07

The STS should keep track of every time a security token is issued, and the claims that were issued, as well as the RP the security token is going back to (if known). A UI should be provided that allows the user to see all of this information - listed chronologically, or sorted by RP, or whatever.


#318 Research ATS on OTIS Integration Demos: OTIS, IIL enabled applications Future task 01/16/08

Do we need an instance of ATS in OTIS? The current use cases seem to not require it.


#320 Research/Describe how the temporary LDAP server works Integration Demos: OTIS, IIL enabled applications Future task 01/16/08

How will the Temp LDAP server work? Should it be a standalone server, or re-use an existing (already deployed) server, or allow for both scenarios? What will we require in terms of configuration? What structure will it need? What kinds of things (operations and data layout) will applications expect (will they expect to do things like bind as anon, search for user, then bind as user, or will they always bind with DN/PW?)

When we write the temp LDAP entry, we should use IdAS so in the future, the "temp identity" could be stuck into any data store.


#635 Allow Content Type negotiations. OTIS: Server Future task 06/24/08

Currently clients can't specify what content types they support. We need to support content types as a first step to different formats: atom, opensocial, xml, xdi, json, etc.


#879 BanditIdP STS Open IdP task 12/28/08

I tried several times deploying BanditIdP but keep running into the same issue. It gets installed and allows login using username/password, generating managed cards and also associating personal cards, but when trying to login using a managed card, it gives a message "The card contents couldn't be retrived."

I suspect Cardspace selector is not able to connect STS to get security token. Here is the tomcat log with error messages:

Dec 28, 2008 11:15:11 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 3359 ms
Base64ApacheExtension:Base64ApacheExtension
Base64ApacheExtension:configure
XMLSecurityApacheExtension:XMLSecurityApacheExtension
XMLSecurityApacheExtension:configure
23:16:16,603 ERROR LogHelper.error (119): java.lang.NullPointerException org.eclipse.higgins.idas.registry.contextid.ConfigurationContextId::<init> ConfigurationContextId.java:29.
23:16:16,614 ERROR LogHelper.error (119): org.eclipse.higgins.idas.registry.contextid.ConfigurationContextId::<init> ConfigurationContextId.java:29. org.eclipse.higgins.idas.registry.contextid.ContextIdFactory::fromConfiguration ContextIdFactory.java:88.
23:16:16,615 ERROR LogHelper.error (119): org.eclipse.higgins.idas.registry.contextid.ContextIdFactory::fromConfiguration ContextIdFactory.java:88. org.eclipse.higgins.sts.server.token.identity.DigitalIdentityHandler::invoke DigitalIdentityHandler.java:269.
23:16:16,617 ERROR LogHelper.error (119): org.eclipse.higgins.sts.server.token.identity.DigitalIdentityHandler::invoke DigitalIdentityHandler.java:269. org.bandit.idp.AuditHandler::invoke AuditHandler.java:470.
23:16:16,617 ERROR LogHelper.error (119): org.bandit.idp.AuditHandler::invoke AuditHandler.java:470. org.eclipse.higgins.sts.server.trust.SecurityTokenService::invoke SecurityTokenService.java:158.
23:16:16,618 ERROR LogHelper.error (119): org.eclipse.higgins.sts.server.trust.SecurityTokenService::invoke SecurityTokenService.java:158. org.eclipse.higgins.sts.binding.axis1x.SecurityTokenServiceServerBinding::requestSecurityToken SecurityTokenServiceServerBinding.java:114.
23:16:16,619 ERROR LogHelper.error (119): org.eclipse.higgins.sts.binding.axis1x.SecurityTokenServiceServerBinding::requestSecurityToken SecurityTokenServiceServerBinding.java:114. org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingImpl::requestSecurityToken TrustBindingImpl.java:41.
23:16:16,629 ERROR LogHelper.error (119): org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingImpl::requestSecurityToken TrustBindingImpl.java:41. org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingSkeleton::requestSecurityToken TrustBindingSkeleton.java:70.
23:16:16,631 ERROR LogHelper.error (119): org.eclipse.higgins.sts.binding.axis1x.service.TrustBindingSkeleton::requestSecurityToken TrustBindingSkeleton.java:70. sun.reflect.NativeMethodAccessorImpl::invoke0 NativeMethodAccessorImpl.java:-2.
23:16:16,632 ERROR LogHelper.error (119): sun.reflect.NativeMethodAccessorImpl::invoke0 NativeMethodAccessorImpl.java:-2. sun.reflect.NativeMethodAccessorImpl::invoke NativeMethodAccessorImpl.java:39.
23:16:16,632 ERROR LogHelper.error (119): sun.reflect.NativeMethodAccessorImpl::invoke NativeMethodAccessorImpl.java:39. sun.reflect.DelegatingMethodAccessorImpl::invoke DelegatingMethodAccessorImpl.java:25.
23:16:16,633 ERROR LogHelper.error (119): sun.reflect.DelegatingMethodAccessorImpl::invoke DelegatingMethodAccessorImpl.java:25.

I'm running Apache2/Tomcat6 on SuSE Linux 11 without the -security option and verified the configuration against the setup documentation, but still have the same issue.

Thanks,

=gk


jimse (6 matches)

Ticket Summary Component Milestone Type Created
Description
#383 Provide switch to bind only on loopback interface LDAPTS Future enhancement 01/31/08

Reduce the chance of misusing the LDAP Test Server in a production environment.


#454 update the test/readme file in the HTNG project OTIS: Server Future task 03/11/08

This needs to give full, exact instructions on how to test the proof of concept. It should also give an overview or explanation of what's going on, how the client and server communicate, etc.


#709 Need to document authorization control model OTIS: Authorization Future task 07/25/08

We need to resolve various issues raised in our 7/18/2008 Sprint review, see #701. Need to articulate what is our Authorization Control Model. Do we need to allow administrators to limit which attributes are queried?

Include:

  • Links to IdAS model
  • Additional documentation

#793 IdAS model refactor OTIS: Identity Future task 09/02/08

expose IdAS model (schema) as first-level entities


#616 Need String filter format for IdAS OTIS: SDK Future task 06/23/08

In order to store queries in config files and to access IdAS from command line uis we need a string version of the filters.


#816 Nightly builds and unit tests CommunityBuilding Future task 09/18/08

Need nightly builds and unit tests


tdoman (7 matches)

Ticket Summary Component Milestone Type Created
Description
#48 Identity Abstraction / Mapping ISIL: Interface Manager Future task 09/26/07

Provide an interface manager that will allow a developer / sysadmin to create mappings between specified Bandit attributes and configured Identity stores


#641 push the AM\eDir team to register the SAML SASL method w/ IANA OTIS: Authentication Future task 06/24/08

#795 /otis w/o any additional noun should throw an information page OTIS: Server Future task 09/03/08

should include the server version and other details and explanation about the OTIS server


#824 Test headless DigitalMe for authenticating user to OTIS w/ a Managed InfoCard OTIS: Server Future task 09/18/08

#733 Support multiple input and output MIME types for OTIS OTIS: Server Future user story 08/06/08
  • Support JSON in and out: #734
  • Support Atom in and out: #735
  • Support XML in and out: Done

#736 Support OAuth in OTIS for capabilities it provides OTIS: Server Future user story 08/06/08
  • to support an industry standard and encourage OTIS users.
  • so that OTIS clients can access OTIS services w/o requiring credentials from the user
  • so that OTIS can act as a PDP for its own services as well as services upon the OTIS framework
  • so that OTIS can audit\log the execution of delegated operations
  • so that a service may use OTIS to control delegated access to its resources

#551 Authenticate User using Managed Info Card User Story Future user story 06/20/08

A developer codes an application to use an "information card" authentication method. Developer needs to do this using ISIL, and ISIL needs to be able to perform the authentication in either a local or remote configuration. This means that we need a REST interface, as well as the Java ISIL APIs

Blocking Tickets

