Greetings,

Please review and, if applicable, answer this questionnaire about your single sign-on/initial sign-on system.

The MACE WebISO team (http://middleware.internet2.edu/webiso) is working to promote evolution towards a common set of services and interfaces in order to help schools capitalize on best practices and to minimize the burden that applications have of supporting many variations. Your thorough response will provide extremely helpful information, which we will compile and make available to the community.

WebISO systems tend to involve lots of components and interesting protocols. We want to focus this survey, though, on just those parts affecting how applications interact with the system -- what things the application can cause to happen, what information it can get, what configuration options it has.

The terminology used in the questionnaire is drawn from the WebISO: Service model and component capabilities (http://middleware.internet2.edu/webiso/docs/draft-internet2-webiso-model-00.html). In particular, for purposes of brevity, it makes frequent use of the acronym WAA to refer to Web Authentication Agent, which is the component that sits on the application side.

Please send your response to the MACE WebISO list or, if you are not on the list, to Scott Fullerton <fullerton@doit.wisc.edu>, and I will forward it.

Thanks

--------------------------------------------

1. Model & Capabilities of the Web Authentication Agent (WAA)

1.1 Which high-level integration model(s) does your WAA support?

    [ ] Server module
        [ ] Apache 1.3
        [ ] Apache 2.0
        [ ] Java Servlet
        [ ] Microsoft ISAPI
        [ ] Other
    [ ] Developer's API
        [ ] C/C++
        [ ] Java/JSP
        [ ] Perl
        [ ] Python
        [ ] Other

1.2 If applicable, describe the method(s) your WebISO solution provides for the WAA to handle N-tier (proxied, delegated) authentication (cf. http://middleware.internet2.edu/webiso/docs/draft-lajoie-trust_and_delegation-02.html):

2. Authentication Request

2.1 Describe the API your WAA provides to Web applications to initiate authentication. What functions can it invoke? What parameters can it pass?

2.2 Describe any other options your WAA provides to Web applications to influence the authentication process. For example, can it request the technology or policy used to handle authentication?

3. Authentication Delivery

3.1 Describe the information delivered by your WAA to Web applications:

3.1.1 What user information is provided to the application? What is the format? How does it relate to the identifier presented to the verification backend?

3.1.2 Does the WAA deliver additional user attributes (e.g., lookup key value associated with login identifier, studentid, group membership)? What is the format of this?

3.1.3 Can additional information be delivered on request?

3.2 Describe the means by which your WAA provides authentication information to your application. Please be as specific as possible.

4. Authentication Session

4.1 Briefly describe how authentication session information is maintained (if not already covered in section 2 above):

4.2 Is it possible for an application to set the session duration? If not already covered above, please describe:

4.3 Is it possible to terminate an authentication session globally? How is that information conveyed to the application?

5. Messaging (Weblogin Service (WLS) <-> WAA)

5.1 Describe the message format used between your WAA and weblogin service to request and receive authentication information:

5.2 Describe the protocol used by the WAA to handle the above (e.g. SAML POST Profile):

6. Wish List

6.1 What changes or additions to the services provided by the WAA would you like to see in your system?

6.2 At a high level, what other changes would you like to see in your system?