Page Comparison

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Are we ready to bump Jenkins agents to latest Maven 3.8.6 ? (Tom)
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JPAR-197
(Tom)
(Phil & Henri) oidc-commons branch merging, testing, and eventual release

Attendees:

Brent

Jira Legacy
server System JIRA
columns key,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key OSJ-360
- Done, after figuring out some pesky policy OID stuff.
Users list question about Veracode, EC named curves implies: Should we consider a security policy layer that blocks “weak” keys from being used (as opposed to weak signing/encryption/other algorithms)?

Daniel

Henri

Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDC-127
- The sid claim is required for the logout feature
- Fairly simple to implement, but API-module changes cannot be avoided
Jira Legacy
server System JIRA
serverId f52c7d31-6eab-3f0e-93c3-231b5754d506
key JOIDC-128
- Currently the authorize flow hardcoded to decode OIDC authentication requests
- Prototyping with a decision-state before decoding request:
  - if the scope-parameter contains openid, it’s OIDC authentication request
  - OAuth authorization request otherwise
  - Refactor SWF actions / functions into using OIDC only when really OIDC-specific

...