Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Name

Skills

Est.

Description

SP V4 Redesign

2025-2026

9PM

The SP is on an unsustainable path and needs to be replaced with a different software redesign that addresses sustainability challenges – see Service Provider V4 Redesign

OIDC Federation

Java, OAuth/OIDC

3PM

“Complete” support for the finished specs around OIDC Federation, primarily motivated by government projects at this point.

Understanding Shib/SAML Documentation

Tech Writing, SME

2PM

Developing a good set of documentation that explains SAML, Shibboleth, and Federations at a conceptual level. The intended audience for the documentation is those new to the subject matter.

Enhanced Product Documentation

Tech Writing, SME

3PM

Developing a good set of product documentation that explains features more thoroughly and contextually, with examples, and better how-to material that is task focused instead of reference oriented.

Developer Documentation

SME

3PM per product

Developing a good set of developer documentation for extension work on Shibboleth products. Documenting the SP and IdP would be separate items.

Packaging / Installation / Deployment

Packaging, Containerization, Installer Tools

2PM

This would span general installer improvements all the way to possible use of container technologies like Docker. Unclear if there's value in a general solution to that, but various groups have asked or have worked on things like this. Internet2 has stepped in to do this work with the TAP container.

Expansion of IdP Integration Testing

Java, Installer Tools

2PM

We need more extensive coverage of the installation processes and integration tests across different supported containers and platforms, to improve QA.

IdP User Interface

Java, Javascript


There are various things that the IdP might expose a UI in order to manage, such as:

  • User-initiated IdP-initiated Single Sign On and Single Log Out

  • User-initiated persistent ID disassociation

  • User-initiated removal of attribute release consent

  • Admin-initiated single logout of user

  • Admin-initiated reload of selected subsystems or metadata sources

A GEANT project has been ongoing in 2023 to produce a form of this that we might eventually take over. This has potential for supplying at least a part of the missing UI needed to make Passwordless support more viable.

Java Service Provider

Java, SAML

1PM

An analogue of the native, C++, SP written in Java. This has been requested for a long time due to the deficiencies so many other SAML implementations have had. It's been parked for a long time, and we had hoped to see good implementations emerge, but that hasn't happened.

The work to redesign the SP would be expected to migrate much of the core function into Java, and the agent architecture under discussion is hoped to provide a path to producing new agents at much less cost to the project. The estimate of time is based on having a delivered SP redesign to work from.

Office 365 Integration

Java, WS-Trust, OAuth

3PM

Microsoft has made documents publically available describing fat-client integration with Office 365 via WS-Trust. They are offering technical contacts to faciitate this work. We have to determine viability and our willingness to adopt non-standard profiles without public change control procedures.

This work seems of questionable value now given the SAML support across most of the applications and would probably take the form of OAuth support if we did anything.

Realistically, Microsoft’s unwillingness to really support third party options make this a questionable proposition.

IdP Configuration Tooling

Java, Javascript, UI design


From time to time people have requested some form of configuration tooling for the IdP. The suggestions range from command line tools, desktop UIs, and web-based UIs. In general it seems like the most often wish revolve around configuring:

  • Generate metadata based off of configuration

  • Add/remove metadata provider - will support file and URL based metadata and digital signature validation

  • LDAP/Kerberos/Container authentication

  • Database and LDAP data connectors

  • Configure release of attribute to all, or a specific, relying party

The Unicon GUI is convering a lot of this space at the moment though in a highly abstracted/insulated way through the metadata boundary and the MetadataDrivenConfiguration work.

Security Audit/Review

C++, Java


Various open source projects have undertaken formal code audits or reviews for security issues, and this sometimes is raised as a pseudo-requirement for governmental usage. We have a lack of resources/expertise, and no explicit demand/requirement for this. It would also be costly in time. With the need to rewrite the SP, it doesn't make a lot of sense to audit that right now.

Gradle

Java

There are arguments to consider a migration from Maven to Gradle for the Java software build process. This is unlikely to result in any customer-facing benefits of course.

Parked/Rejected

These are projects which were proposed but were found to be strategically unaligned, ill-defined, out of scope, or without sufficient interest from members. These items may be revisited from time to time as situations change. The list of course does not include many historical projects that have faded from public consciousness.

...