...
Add items for discussion here
Server - any other issues?
Maven Central : get to consensus on actionable plan (Tom)
Do we care to know/log who uses/downloads our artifacts ?
only way we can really know is to host ourselves and not on Central
Plan is to migrate public repos from hosting with Nexus to Apache
To be more secure and hopefully reduce load (gotta try to find out)
Nexus : https://build.shibboleth.net/nexus/content/groups/public/
Apache : https://build.shibboleth.net/maven
Need Nexus to manage snapshot metadata (although we might be able to migrate away)
Do we want to continue to host a public snapshots repository ?
no way to control client lookups = lots of 404s
Do we want to continue to host a public (or private) cache of Central ?
(automatically proxied by Nexus, we could validate sigs using Rod’s tool)
Attendees:
Brent
Jira Legacy server System JIRA columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key IDP-1870 Clarify Scott’s suggestion. Maybe on-use is good enough?
Daniel
Henri
https://shibboleth.atlassian.net/browse/JOIDC-21
The concept of metadata policy (related to RP registration) is getting more generic
First it was only related to registration access tokens, then also for restricting/filtering/defaulting incoming requested registration values in the dynamic registration configuration
Possibly also on the upcoming RP-feature for validating dynamic registration responses
OIDCfed spec draft also defines metadata policy (see 5.1): the same structure can be used
Phil’s metadata resolution work very useful, as metadata policies are JSON
...