...
Name | Expected Completion | Dependencies | Description |
---|---|---|---|
IdP V5 | September 2023 | Java 17, Spring 6 | Migration of the IdP platform and dependencies (including OpenSAML) to Java 17 and Spring Framework 6 to keep the platform appropriately current. This will remove some deprecated function but is not (principally) focused on new features. The main disruptive goal of this release is to refactor much of the code into new shared modules that will be usable by the SP V4 Redesign work if it happens. Minimizing impact on IdP deployers is a primary consideration but some API and thus small configuration changes will be required. |
Smaller OIDC/OAuth Enhancements | Ongoing | | Additional features for the OIDC OP plugin, initially focused on use cases adjacent to OIDC specs, or adding optional OIDC material, and some enhancements to provide some additional OAuth functionality. See JOIDC project in Jira. Specific enhancements will largely depend on member interest/demand. |
SP Packaging Automation | Ongoing | | AWS-based process for automating SP packaging, at least encompassing RPM platforms. This will coincide with changes to the packages we produce. The initial work is completed but work is ongoing to allow for CI in AWS. |
...
Name | Skills | Est. | Description |
---|---|---|---|
SP V4 Redesign | 2025-2026 | 9PM | The SP is on an unsustainable path and needs to be replaced with a different software redesign that addresses sustainability challenges – see Service Provider V4 Redesign |
OIDC Federation | Java, OAuth/OIDC | 3PM | “Complete” support for the finished specs around OIDC Federation, primarily motivated by government projects at this point. |
Understanding Shib/SAML Documentation | Tech Writing, SME | 2PM | Developing a good set of documentation that explains SAML, Shibboleth, and Federations at a conceptual level. The intended audience for the documentation is those new to the subject matter. |
Enhanced Product Documentation | Tech Writing, SME | 3PM | Developing a good set of product documentation that explains features more thoroughly and contextually, with examples, and better how-to material that is task focused instead of reference oriented. |
Developer Documentation | SME | 3PM per product | Developing a good set of developer documentation for extension work on Shibboleth products. Documenting the SP and IdP would be separate items. |
Packaging / Installation / Deployment | Packaging, Containerization, Installer Tools | 2PM | This would span general installer improvements all the way to possible use of container technologies like Docker. Unclear if there's value in a general solution to that, but various groups have asked or have worked on things like this. Internet2 has stepped in to do this work with the TAP container. |
TestShib-NG | | 2.5PM | An effort to create a new TestShib software package and platform. Of late, samltest.id seems to have filled this niche well enough. |
Expansion of IdP Integration Testing | Java, Installer Tools | 2PM | We need more extensive coverage of the installation processes and integration tests across different supported containers and platforms, to improve QA. |
IdP User Interface | Java, Javascript | There are various things that the IdP might expose a UI in order to manage, such as:
A GEANT project has been ongoing in 2023 to produce a form of this that we might eventually take over. This has potential for supplying at least a part of the missing UI needed to make Passwordless support more viable. | |
Java Service Provider | Java, SAML | 1PM | An analogue of the native, C++, SP written in Java. This has been requested for a long time due to the deficiencies so many other SAML implementations have had. It's been parked for a long time, and we had hoped to see good implementations emerge, but that hasn't happened. The work to redesign the SP would be expected to migrate much of the core function into Java, and the agent architecture under discussion is hoped to provide a path to producing new agents at much less cost to the project. The estimate of time is based on having a delivered SP redesign to work from. |
Office 365 Integration | Java, WS-Trust, OAuth | 3PM | Microsoft has made documents publicly available describing fat-client integration with Office 365 via WS-Trust. They are offering technical contacts to facilitate this work. We have to determine viability and our willingness to adopt non-standard profiles without public change control procedures. This work seems of questionable value now given the SAML support across most of the applications and would probably take the form of OAuth support if we did anything. Realistically, Microsoft’s unwillingness to really support third party options makes this a questionable proposition. |
IdP Configuration Tooling | Java, Javascript, UI design | From time to time people have requested some form of configuration tooling for the IdP. The suggestions range from command line tools, desktop UIs, and web-based UIs. In general it seems like the most frequent wishes revolve around configuring:
The Unicon GUI is covering a lot of this space at the moment though in a highly abstracted/insulated way through the metadata boundary and the MetadataDrivenConfiguration work. | |
Security Audit/Review | C++, Java | | Various open source projects have undertaken formal code audits or reviews for security issues, and this sometimes is raised as a pseudo-requirement for governmental usage. We have a lack of resources/expertise, and no explicit demand/requirement for this. It would also be costly in time. With the need to rewrite the SP, it doesn't make a lot of sense to audit that right now. |
...