All Regions
Argentina
Australia
Austria
Belgium (fr)
Belgium (nl)
Brazil
Bulgaria
Canada (en)
Canada (fr)
Catalonia
Chile
China
Colombia
Croatia
Czech Republic
Denmark
Estonia
Finland
France
Germany
Greece
Hong Kong
Hungary
Iceland
India (en)
Indonesia (en)
Ireland
Israel (en)
Italy
Japan
Korea
Latvia
Lithuania
Malaysia (en)
Mexico
Netherlands
New Zealand
Norway
Pakistan (en)
Peru
Philippines (en)
Poland
Portugal
Romania
Russia
Saudi Arabia
Singapore
Slovakia
Slovenia
South Africa
Spain (ca)
Spain (es)
Sweden
Switzerland (de)
Switzerland (fr)
Taiwan
Thailand (en)
Turkey
US (English)
US (Spanish)
Ukraine
United Kingdom
Vietnam (en)
Any Time
Past Day
Past Week
Past Month
Past Year
Best Practices with Directed Identity
willnorris.com/2009/best-practices-with-directed-identity/
Shibboleth
and SAML.
Shibboleth
is an open source web single sign-on product which is very popular with universities around the world. It is primarily an implementation of the Security Assertion Markup Language (SAML), but supports other identity protocols as well.
Shibboleth 1.3 released
willnorris.com/2005/shibboleth-13-released/
Shibboleth
1.3 released. July 27, 2005 by Will Norris. Just before going home on monday, Walter and I made the final release of
Shibboleth
1.3. Okay, so he did a few things in CVS and I just kinda watched, but it was fun all the same. My last six months here at UofM have been focused on this release. I started off with some pretty cool unit ...
Java OpenID Library - Target Audience
willnorris.com/2009/java-openid-library-target-audience/
It is certainly my goal to address both extremes in the
Shibboleth
OpenID library, but it will happen in phases. The first phase will address the edge-cases, those users of the library that tend to have unique needs and requirements. That may seem backwards, but I assure you it isn't. First of all, the really practical reason for starting ...
Java OpenID Library Design - Message Handling - Will Norris
willnorris.com/2009/java-openid-library-design-message-handling/
This past June I contracted with Internet2 to work on adding OpenID support to the
Shibboleth
Identity Provider. I had actually started to work on this over a year prior while working at USC. At the time there were (and still are) two primary OpenID libraries in Java, Verisign's JOID, and Sxip's OpenID4Java.I spent a fair amount of time looking at both libraries, but ultimately decided ...
OpenID is not a provisioning engine - willnorris.com
willnorris.com/2007/openid-is-not-a-provisioning-engine/
I am not surprised to hear someone say this, as this is a common point of confusion here at USC in regards to
Shibboleth
. When it comes to attribute delivery, both OpenID and SAML are primarily designed to provide data at the time of login 1. So this means that if a user never logs in to your service, you never get any data about them.
hCard is not a provisioning engine (for private data)
willnorris.com/2007/hcard-is-not-a-provisioning-engine-for-private-data/
This fine-grained level of control has always been a core requirement for the
Shibboleth
SAML Identity provider, and I would argue that the (currently beta)
Shibboleth
2.0 IdP has one of the most powerful and flexible (and admittedly, verbose) filtering engines of its kind anywhere.
One year at USC
willnorris.com/2007/one-year-at-usc/
We're already trying to make
Shibboleth
work with Cardspace, so who really knows. So this next year should see moving to our new offices (probably in the next few weeks), the deployment of a new guest system at USC, the release of
Shibboleth
2.0, working on
Shibboleth
2.1, and who knows what else.
Directed Identity vs Identifier Select - Will Norris
willnorris.com/2009/openid-directed-identity-identifier-select/
I initially started writing this post a couple months ago in response to the common misuse of the term "directed identity" I was seeing in the OpenID community. After reading Dirk Balfanz's guest post Users vs.
Life and Love and Why - willnorris.com
willnorris.com/2006/life-and-love-and-why/
As much as I love working at the University of Memphis, there have been a number of contributing factors leading me toward something new. I first got in touch with USC last October when they were looking for a
Shibboleth
Administrator; of course, I've been working on
Shibboleth
for the last year and know the project very well. Things didn't ...
OpenID provider wish-list
willnorris.com/2007/openid-provider-wish-list/
Real attribute release policies - Perhaps I'm just spoiled from working on
Shibboleth
for several years, but I would really like fine grained control over what attributes are delivered to a given relying party. MyOpenID's "persona" feature definitely comes pretty close on this, but I believe it is still an "all or nothing" choice ...
Archive - Will Norris
willnorris.com/archives/
Shibboleth
1.3 released Jul 27, 2005; Lock Screen Jul 18, 2005; iTunes podcast updating Jul 16, 2005; rss for homework assignments Jul 7, 2005; fix to problems with webobjects builder Jul 5, 2005; Google Maps Innovation Jul 5, 2005; Anna Nalick Jul 3, 2005; quicksilver and itunes Jun 27, 2005; bluetooth mouse Jun 24, 2005; embedding data into ...
New Beginnings
willnorris.com/2008/new-beginnings/
There are a few major additions to
Shibboleth
we've talked about adding, but simply haven't had the time. The primary attraction to the new job is quite simply the work I'll be doing and who I'll be doing it with - I'll finally be able to really dig in to some of the projects that haven't received the level of attention I would ...
strong authentication and emailing passwords
willnorris.com/2007/strong-authentication-and-emailing-passwords/
2023-03-01T00:00:00.0000000
So this afternoon, I happened across i@mdentity listed in the OpenID Directory.They seem to be some kind of identity provider in the UK that has their own authentication protocol that they have a small number of vendors using.
Will & Elisabeth - About Us
willnorris.com/wedding/about
In October 2005, I heard that a school in California (USC) was looking for a
Shibboleth
administrator, so I expressed my interest in the position. My job at UofM was only a part-time position and I had no real ties to Memphis, so I figured I had nothing to lose. About the same time, I was also offered an position at a large university on the ...
About - Will Norris
willnorris.com/about/
About. Hi, I'm Will Norris. I'm a follower of Jesus, a husband to Elisabeth, a father to Gabriel and Judah , a citizen of the indie web, and a software engineer at Tailscale. Prior to Tailscale, I was the Open Source Lead at Twitter. Before that, I was at Google for 10 years, with most of that time spent in their Open Source Programs Office ...
Thoughts on Proposition 8 - Will Norris
willnorris.com/2008/thoughts-on-proposition-8/
California's Proposition 8, which proposes a constitutional amendment to ban same-sex marriages, has certainly been a recent topic of discussion around ours and many Californian's dinner tables. I've talked with friends, family members, and colleagues, listening to the various arguments people have on each side of the issue.
Will Norris
willnorris.com/resume/
willnorris.com
• will@willnorris.com Experienced engineering leader with 15+ years building products for developers and leading teams with a particular focus on open source. Work Experience Tailscale Software Engineer 2022 - Present Twitter Open Source Lead 2020 - 2022 Re-established Twitter's Open Source Programs Office and recruited team of Technical Program Managers and Engineers to ...
A place to call home - willnorris.com
willnorris.com/2013/a-place-to-call-home/
Last week, in a post talking about the IndieWeb, I shared my concerns with Mike Elgan's "Blogs of August", in which he encourages individuals to blog exclusively on Google+ for the month of August. I'm happy that the conversation has continued over the last week in various places like Copyblogger and on Google+ itself.. In my post last week, I mentioned:
Tailscale devices with a custom domain
willnorris.com/2023/tailscale-custom-domain/
2023-11-01T00:00:00.0000000
What I found was coredns-tailscale, a plugin for coredns that effectively maps Tailscale device names onto a custom domain. The coredns-tailscale project has been around for about a year, and I later discovered that it had been mentioned in the Tailscale newsletter from October 2022 . I guess I either missed seeing it or just wasn't looking ...
Supporting WebFinger with Static Files and Nginx - Will Norris
willnorris.com/2014/webfinger-with-static-files-nginx/
So, my final nginx configuration for supporting WebFinger is: My first location block is an exact match for the well-known WebFinger path. Within that block, I first enforce that only GET and HEAD requests are accepted, all others receive a 405 response. This isn't required by the spec, but seems like a good idea.
Books I Read in 2015 - willnorris.com
willnorris.com/2016/books-i-read-in-2015/
As I fully expected, I did much less reading this year than in previous years. Having a newborn will do that do you. Xenocide, Orson Scott Card. This is the third book in the Ender's Game series, and maybe the last I'll read for a little while.
Feedback