<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 12 (filtered medium)">
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Hi Rok,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Is there any reason why we can use pysaml2 (</span><a href="https://pypi.python.org/pypi/pysaml2">https://pypi.python.org/pypi/pysaml2</a>) &amp; (<a href="http://pythonhosted.org/pysaml2/">http://pythonhosted.org/pysaml2/</a>)?
<span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">We want to avoid building a custom solution if there’s one already out there. : )<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D">joe<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:'Calibri','sans-serif';color:#1F497D"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'">From:</span></b><span style="font-size:10.0pt;font-family:'Tahoma','sans-serif'"> Rok Kralj [mailto:os@rok-kralj.net]
<br>
<b>Sent:</b> Monday, October 14, 2013 8:57 AM<br>
<b>To:</b> openstack@lists.openstack.org<br>
<b>Subject:</b> [Openstack] SAML support in OpenStack<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><b><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">Hello OpenStack community,</span></b><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"><o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">As you might remember, some time ago we had a quick discussion about supporting the SAML 2.0 protocol for identity management in federations, as
 this is a protocol of great importance in business enterprise. At first, the discussion gained a fair amount of interest. Just to refresh our minds, here is the reference to the discussion on the mailing list:<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"><a href="http://lists.openstack.org/pipermail/openstack/2013-August/000401.html" target="_blank">http://lists.openstack.org/pipermail/openstack/2013-August/000401.html</a><o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">The <a href="https://blueprints.launchpad.net/keystone/+spec/virtual-idp" target="_blank">initial manifesto</a> was published by Joe Savak; however,
 it has been in a drafting stage for quite some time now and we would like it to gain some traction on the matter. Maybe this is the time to further discuss the overall <a href="https://wiki.openstack.org/wiki/File:Virtual_Identity_Providers.png" target="_blank">architecture</a>,
 collecting as many opinions as possible.<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">Our company (XLAB) has been working on an EU-funded Contrail project. Among other things, we have worked on the components providing the discussed
 mechanisms, just using different technologies (SimpleSAMLphp, a mature SAML solution, also providing a plethora of other bindings).<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">We are willing to contribute our time and resources towards the implementation of this functionality in Python if needed and working with you
 on further extension of the idea. We are currently examining these two SAML libraries that might suit our (OpenStack's) needs:<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"><a href="http://lasso.entrouvert.org/" target="_blank">http://lasso.entrouvert.org/</a> (GNU GPL)<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'"><a href="http://pythonhosted.org/authentic2/index.html" target="_blank">http://pythonhosted.org/authentic2/index.html</a> (GNU AGPL 3)<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">However, considering the fact that they are not actively developed anymore and are, in fact, quite heavy dependencies with a C backend, we might be better
 off writing our own custom solution, despite the effort needed to achieve that.<o:p></o:p></span></p>
<p style="margin-bottom:0in;margin-bottom:.0001pt"><span style="font-size:10.0pt;font-family:'Arial','sans-serif'">We are looking forward to your reply and to working with you,<br>
Rok Kralj, XLAB research, Slovenia<o:p></o:p></span></p>
</div>
</div>
</body>
</html>