...
Name | Skills | Est. | Description |
---|---|---|---|
SP V4 Redesign | 2025-2026 | 9PM | The SP is on an unsustainable path and needs to be replaced with a different software redesign that addresses sustainability challenges – see Service Provider V4 Redesign |
OIDC Federation | Java, OAuth/OIDC | 3PM | “Complete” support for the finished specs around OIDC Federation, primarily motivated by government projects at this point. |
Wallets / Verifiable Credentials | Java, VC specs | 6PM | Signs are pointing strongly toward, for better or worse, wallets and new protocols using them replacing SAML and OIDC in their current form at some point in the future, possibly the very near future (see also FedCM). |
Understanding Shib/SAML Documentation | Tech Writing, SME | 2PM | Developing a good set of documentation that explains SAML, Shibboleth, and Federations at a conceptual level. The intended audience for the documentation is those new to the subject matter. |
Enhanced Product Documentation | Tech Writing, SME | 3PM | Developing a good set of product documentation that explains features more thoroughly and contextually, with examples, and better how-to material that is task focused instead of reference oriented. |
Developer Documentation | SME | 3PM per product | Developing a good set of developer documentation for extension work on Shibboleth products. Documenting the SP and IdP would be separate items. |
Packaging / Installation / Deployment | Packaging, Containerization, Installer Tools | 2PM | This would span general installer improvements all the way to possible use of container technologies like Docker. Unclear if there's value in a general solution to that, but various groups have asked or have worked on things like this. Internet2 has stepped in to do this work with the TAP container. |
Expansion of IdP Integration Testing | Java, Installer Tools | 2PM | We need more extensive coverage of the installation processes and integration tests across different supported containers and platforms, to improve QA. |
IdP User Interface | Java, Javascript | There are various things that the IdP might expose a UI in order to manage, such as:
A GEANT project has been ongoing in 2023 to produce a form of this that we might eventually take over. This has potential for supplying at least a part of the missing UI needed to make Passwordless support more viable. | |
Java Service Provider | Java, SAML | 1PM | An analogue of the native, C++, SP written in Java. This has been requested for a long time due to the deficiencies so many other SAML implementations have had. It's been parked for a long time, and we had hoped to see good implementations emerge, but that hasn't happened. The work to redesign the SP would be expected to migrate much of the core function into Java, and the agent architecture under discussion is hoped to provide a path to producing new agents at much less cost to the project. The estimate of time is based on having a delivered SP redesign to work from. |
Office 365 Integration | Java, WS-Trust, OAuth | 3PM | Microsoft has made documents publically available describing fat-client integration with Office 365 via WS-Trust. They are offering technical contacts to faciitate this work. We have to determine viability and our willingness to adopt non-standard profiles without public change control procedures. This work seems of questionable value now given the SAML support across most of the applications and would probably take the form of OAuth support if we did anything. Realistically, Microsoft’s unwillingness to really support third party options make this a questionable proposition. |
IdP Configuration Tooling | Java, Javascript, UI design | From time to time people have requested some form of configuration tooling for the IdP. The suggestions range from command line tools, desktop UIs, and web-based UIs. In general it seems like the most often wish revolve around configuring:
The Unicon GUI is convering a lot of this space at the moment though in a highly abstracted/insulated way through the metadata boundary and the MetadataDrivenConfiguration work. | |
Security Audit/Review | C++, Java | Various open source projects have undertaken formal code audits or reviews for security issues, and this sometimes is raised as a pseudo-requirement for governmental usage. We have a lack of resources/expertise, and no explicit demand/requirement for this. It would also be costly in time. With the need to rewrite the SP, it doesn't make a lot of sense to audit that right now. | |
Gradle | Java | There are arguments to consider a migration from Maven to Gradle for the Java software build process. This is unlikely to result in any customer-facing benefits of course. |
...