IIW 2008

Posted in Uncategorized by Asa on the May 12th, 2008

I am in Mountain View, surfing on Google’s ubiquitous wifi, finishing up preparations for my IIW demo. It has been a very busy (yet somewhat behind the scenes) couple of months for OpenLiberty — I will be posting some cool announcements later this week.

What I am presenting is an ID-WSF environment based on OpenLiberty code that is bootstrapped through an OpenID server. I know, I know… I am breaking cardinal rules, sinning in the eyes of the identity gods (who also care about privacy and trust) — but it is a cool demo. I am also in the process of building the same demo using a SAMLv2 IdP and zxid. After I give the demo I’ll be working on making it available in some form on the Internet.

The weather here is great. I have seen more MacBook Airs than anywhere else; maybe Google employees like them. If you are in Mountain View and you wanna hook up, talk identity, send me a note using asa dot openliberty at zenn dot net.

OpenLiberty Presentation, now available

Posted in Uncategorized by Asa on the April 2nd, 2008

I made a presentation on March 10th in Santa Clara at a workshop preceding the Liberty Alliance Plenary. A few days ago I cleaned it up and filled in the missing pieces. This should give you a good overview of the state of the ID-WSF Client Library, the ECP plugin, and new code about to be contributed to OpenLiberty (ID-WSF and SAML2 SP).

Download the PDF OpenLiberty Presentation.

2.0.0 release of OpenSAML/J Announced!

Posted in Uncategorized by Asa on the March 19th, 2008

Chad La Joie of SWITCH announced yesterday the release of OpenSAML/J v2.0.0. This is excellent news. As you probably know, the ID-WSF Client Library is based on the OpenSAML/J libraries. I am on the svn change notification email list and I can tell you that this release is the result of a huge amount of work.

From Chad:

“So I’m very happy to announce the 2.0.0 release of OpenSAML/J. This release closes out the remaining bugs from all the previous release candidates.

Documentation:
http://opensaml.org

Downloads:
http://shibboleth.internet2.edu/downloads/opensaml/java

We are working on the following items for future releases:
- Move to Maven build system
- Merge in the XACML code contribution provided by the EGEE Collaboration
- Merge in the WS-Trust code contribution provided by the EGEE Collaboration

And for those that like metrics, Ohloh indicates that OpenSAML 2.0 (Java and C++ versions) represents about 39 person years of work.
http://www.ohloh.net/projects/4504

Scott will be releasing the C++ code at a later date.”

Thank you for all of your hard work! I am looking forward to the upcoming additions.

Pre-alpha of Firefox plugin checked into svn

Posted in Uncategorized by peter on the March 10th, 2008

Just to let everyone know … the ECP plugin for Firefox has been checked into subversion.

There are a couple caveats:

  • Is preliminary only
  • Needs testing
  • No installation docs … yet
  • User IdP selection dialog isn’t yet functional

I will post an xpi file for easy installation as soon as I get through the next round of debugging.

Question for everyone … do I need to sign this extension? And if so, whose CA should I use?

Peter Pritchard Begins ECP Plugin Development

Posted in Uncategorized by Asa on the March 3rd, 2008

I am very excited to welcome Peter Pritchard to the development team for openLiberty. He has begun the development of a SAMLv2 ECP Firefox extension. You will notice that we are adding it to the projects on openLiberty. The WSF-DEV mailing list will be used for discussion, and the WSF-DEV phone calls will be used for ECP discussion as well as clientlib discussions.

Peter Pritchard is a programmer at Zenn New Media in western Massachusetts. His duties vary from back-end data modeling, front-end xhtml/js/css to client/server integration mechanisms. Primarily a Java/WebObjects programmer, he also works in Javascript, Ruby, Objective-C or anything else he can get away with for a particular project.

When he is not working on the latest project at Zenn, he is designing Tesla-based gravity engines, watching Smallville episodes, playing piano (poorly) or playing Candyland with his two daughters, Lucy and Stella.

More Personal Profile Progress

Posted in Uncategorized by Curtis on the December 19th, 2007

Here’s the latest update on our PP 1.1 client implementation:

The PP 1.1 XML schema has now been built out in its entirety — based on DST 1.1. This includes element classes, unmarshallers, marshallers, and builders. However…

When Asa got to the development of the queries, he realized that the 1.1 spec was looking for a discovery resourceID that has been deprecated as of ID-WSF 2. So, he’s now working on a DST 2.1 adaptation.

There was a suggestion recently that we should be building ID-DAP, which gives existing LDAP directories the ability to exist in a Liberty ID-WSF environment. Apparently Symlabs has implemented this. If anyone has info on the usage of ID-DAP, please post it!

Here’s what Symlabs says about it (from their site):

“ID-DAP clients can invoke this web service to remotely perform LDAP operations with no requirement to reveal a user’s actual private identity information, such as a telephone number.”

More snow expected tonight — looks like it’ll be a white Xmas… :-)

Personal Profile Client Progress

Posted in Uncategorized by Asa on the December 14th, 2007

Well. Just checked in the first crack at modeling the version 1.1 Personal Profile (Liberty ID-SIS PP v1.1) using the Shibboleth Java XMLTooling and OpenSAML 2 libraries. Take a look at the source if you are interested. Big big big thank you to Shibb for the already developed signature classes. Geez… that saved some time ;) The PP uses the ID-WSF DST v1.1.

Next I will be writing the Marshaller/Unmarshaller/Builder classes to support the base objects. This will prove to be rather tedious I am sure, but satisfying when completed.

It is snowing here in Massachusetts, totally beautiful. I may post a picture later.

Objectives Slightly Modified / Need Testing Partners

Posted in Uncategorized by Asa on the November 24th, 2007

After a meeting on the 20th it became clear that the objectives were not as clear as they could be for the project. The ultimate goal is an ID-WSF 2 Client Library that becomes certified Liberty interoperable. With this as the goal, it made sense to look at the requirements to achieve this, so we turned to the Liberty Interoperable Testing Procedures for ID-WSF 2.0.

At the moment we are working out the bits that are relevant for a SOAP library. Most everything appears to qualify, but there are some aspects (like browser redirects) which are out of band. So at the moment we are rejiggering the delivery schedule and deliverables.

HELP!!!! If you have access to or have code that implements some or all of the ID-WSF 2.0 WSP requirements, we’d love to test with you. DISCO through some service would be helpful (even a “Hello” service would qualify quite well). Please contact me using asa dot openliberty at zenn dot net.

HP Select Federation — up and running

Posted in Uncategorized by Curtis on the October 10th, 2007

After hitting virtually every roadblock imaginable (bandwidth issues, memory issues, OS issues, etc.), we’ve finally got HP’s ID-WSF 2.0-compliant “Select Federation” product up and running on Derrick’s Solaris box. Santosh and Pulkit, engineers at HP, have been very helpful in helping us get started with our interop tests. Today we’ve been extracting EPRs from the communication between HP’s IDP and their SP to use in our ClientLib testing.

ClientLib-to-HP SF interop testing will continue this evening and tomorrow.

Cranking toward the alpha

Posted in Uncategorized by Asa on the October 8th, 2007

We’ve set October 12th for our Alpha delivery. By the 12th the ClientLib will be cutting a critical path from bootstrapping a disco epr, through discovery, and interacting with a simple service. We’ve been working with Conor Cahill’s Server Toolkit as our test harness, and scraping queries from his Client.

So far so good! You can download what we have and watch the magic happen ;) - the latest versions of OpenSAML’s Java libraries are required (specifically java-opensaml2, java-xmltooling, and java-openws). All of the other required jars are shipped with the OpenSAML code.

There will be a great deal more progress over the next several days, but feel free to take a look.
