...
Name | Expected Completion | Dependencies | Description |
---|---|---|---|
IdP V4.2 | 2021/2022 | Minor features and possibly preparations for Spring 6 if warranted. | |
IdP V5 | 2023 | Java 17, Spring 6 | Migration of the IdP platform and dependencies (including OpenSAML) to Java 17 and Spring Framework 6 to keep the platform appropriately current. This will remove some deprecated function but is not focused on new features. |
Second Generation IdP Proxy Support | 2022 | Add sufficient OIDC and possibly CAS support to IdP to handle proxying use cases without additional software footprint. SAML proxying support was added to IdPv4. | |
OIDC/OAuth Enhancements | 2022 | Additional features for the OIDC OP plugin, initially focused on use cases adjacent to OIDC specs, or adding optional OIDC material. Distinct from work focused on API security and full OAuth functionality, which is captured as "OAuth Authorization Service" below, and some enhancements to provide some additional OAuth functionality. See JOIDC project in Jira. | |
SP Packaging Automation | 2021 | AWS-based process for automating SP packaging, at least encompassing RPM platforms. This will conincide with changes to the packages we produce. | |
SP V4 Redesign | 2023-2024 | Substantial design work | The SP is on an unsustainable path and needs to be replaced with a different software redesign that addresses sustainability challenges – see SP4Details This work has begun with preliminary technical work and early planning and design, likely through 2021, with more comprehensive work starting in 2022. |
Java Project Deployment Changes | 2021 | The problems of unauthorized artifacts showing up in Maven Central require that we revisit and make decisions about supporting it, but no decisions have been made yet. | |
Browser Integration Testing | 2021 | End to end testing with browsers through the free Sauce Labs service | |
Infrastructure Documentation | 2021 | We have a lot of infrastructure services, but little formal documentation for them, which will make project transitions much harder. With a number of things changing this year, it’s a good time to get this done. |
...
Name | Skills | Est. | Description | ||||
---|---|---|---|---|---|---|---|
Understanding Shib/SAML Documentation | Tech Writing, SME | 2PM | Developing a good set of documentation that explains SAML, Shibboleth, and Federations at a conceptual level. The intended audience for the documentation is those new to the subject matter. | ||||
Enhanced Product Documentation | Tech Writing, SME | 3PM | Developing a good set of product documentation that explains features more thoroughly and contextually, with examples, and better how-to material that is task focused instead of reference oriented. | ||||
Developer Documentation | SME | 3PM per product | Developing a good set of developer documentation for extension work on Shibboleth products. Documenting the SP and IdP would be separate items. | ||||
Packaging / Installation / Deployment | Packaging, Containerization, Installer Tools | 2PM | This would span general installer improvements all the way to possible use of container technologies like Docker. Unclear if there's value in a general solution to that, but various groups have asked or have worked on things like this. Internet2 has stepped in to do this work with the TAP container. | ||||
TestShib-NG | 2.5PM | An effort to create a new TestShib software package and platform. Of late, samltest.id seems to have filled this niche well enough. | |||||
Expansion of IdP Integration Testing | Java, Installer Tools | 2PM | We need more extensive coverage of the installation processes and integration tests across different supported containers and platforms, to improve QA. | ||||
IdP User Interface | Java, Javascript | There are various things that the IdP might expose a UI in order to manage, such as:
| |||||
Java Service Provider | Java, SAML | 2PM | An analogue of the native, C++, SP written in Java. This has been requested for a long time due to the deficiencies so many other SAML implementations have had. It's been parked for a long time, and we had hoped to see good implementations emerge, but that hasn't happened. The work to redesign the SP is expected to migrate much of the core function into Java, and the agent architecture under discussion is hoped to provide a path to producing new agents at much less cost to the project. The estimate of time is based on having a delivered SP redesign to work from. | ||||
Office 365 Integration | Java, WS-Trust, OAuth | 3PM | Microsoft has made documents publically available describing fat-client integration with Office 365 via WS-Trust. They are offering technical contacts to faciitate this work. We have to determine viability and our willingness to adopt non-standard profiles without public change control procedures. This work seems of questionable value now given the SAML support across most of the applications and would probably take the form of OAuth support if we did anything. | OAuth Authorization Service | Java, OAuth | 8PM | OAuth 2 introduces an infrastructure component for issuing authorization tokens, essentially similar to some of the eventual goals for SAML. We could add this kind of functionality to the IdP. Neither the demand for this, nor the actual use cases, are very clear at the moment. |
IdP Configuration Tooling | Java, Javascript, UI design | From time to time people have requested some form of configuration tooling for the IdP. The suggestions range from command line tools, desktop UIs, and web-based UIs. In general it seems like the most often wish revolve around configuring:
The Unicon GUI is convering a lot of this space at the moment though in a highly abstracted/insulated way through the metadata boundary and the MetadataDrivenConfiguration work. | |||||
Security Audit/Review | C++, Java | Various open source projects have undertaken formal code audits or reviews for security issues, and this sometimes is raised as a pseudo-requirement for governmental usage. We have a lack of resources/expertise, and no explicit demand/requirement for this. It would also be costly in time. With the need to rewrite the SP, it doesn't make a lot of sense to audit that right now. |
...