20110301 - March 1, 2011, SSPR Technical Meeting

Technical Team

Marvin Addison, Victor Bagley, Marc DeBonis, Daniel Fisher, Karen Herrington, Kim Homer, Mike Hosig, Greg Kroll, Ken McCrery, Andrew Olson, Kevin Rooney, Brenda van Gelder

Agenda

1. OpenId discovery hostname
2. Legal issues with OpenId
3. passwordState in personManager payload
4. Updates on OTP
5. Discuss schedule of code review this Friday
6. Discuss spec review

Meeting Notes

Attendees: Daniel Fisher, Karen Herrington, Mike Hosig, Greg Kroll, Ken McCrery, Andrew Olson, Kevin Rooney

1. OpenId discovery hostname
   1. There was discussion about what is included in the redirect for the user and what can be passed for/in the realm?
   2. Action item: Kevin and Andrew will investigate this further.
2. Legal issues with OpenId
   1. We need to investigate whether VT Legal will have a problem with project depending on a service (OpenId) that we do not have a contract for/with.
   2. Action item: Greg will initiate contact with VT Legal to get a decision on this.
3. passwordState in personManager payload
   1. Action item: Daniel will investigate.
      1. this change has been made in dev
4. Updates on OTP
   1. We have a trial contract with Bulletin.net and their SMS service that is good through April 2011.
   2. One stipulation of this trial contract is that we do not involve students in the trial/our testing.
   3. Action item: Greg will contact Kim Homer and let her know as she usually involves students in her testing.
5. Discuss schedule of code review this Friday
   1. This is open to all.
6. Discuss spec review
   1. Application components are in good-enough shape to do a demo for project stakeholders.
      • Action item: Greg will schedule a meeting of project stakeholders.
   2. Discussion about GR8 & GR9 and locked accounts (locked for something other than password expiration).

      GR8. All accounts must be in an active state in order to use this service.
      GR9. Passwords must be in either an active state or an expired state (due to a forced expiration) in order to use this service.

      • Action item: Kevin will combine GR8 &GR9.
   3. Discussion about GR17

      GR17. Accounts that do not have a VTID will not be allowed to use this service.

      • The only accounts that do not have VTID are sponsored accounts. We do not want sponsored accounts to be able to reset their own password.
      • Action item: Kevin will be sure that Marvin knows this so CAS does not allow sponsored accounts to use this service.
   4. Discussion about GR25

      GR25. System will allow for only one remote auth provider to be set as the current provider in their reset preferences.

      • Currently we are restricting this to either Google or Yahoo.
      • Here are references to this requirement I could find on this wiki:
        1. Technical Focus Group Questions Question #8 and the bottom couple of bullets on the page
        2. Security Focus Group Questions Question #7 and Answer #7 towards bottom of page
        3. 20101109 - November 9, 2010, Agenda Tangentially related, see meeting note #6
7. Action item: Greg will schedule a meeting of project stakeholders to give them a status update as well as a demo of progress to date.