Shibboleth Developer's Meeting, 2020-10-16

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2020-11-06. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU; see ZoomGU for access info.


AGENDA

  1. CVE-2020-13956

Attendees:


Brent

  • OSJ-304
    • OpenSAML code done and 90% tested.  IdP parser and schema support pending.
  • OSJ-82
    • Next major item on my todo list.

...

  • JCOMOIDC-2
    • Added complete unit tests + improved Javadocs/style
    • java-oidc-common needs to be added to Jenkins
  • Starting hands-on with the plugin stuff

...

  • JDUO-16: Duo are not changing their key length to meet the spec. Auth0 (lib they use) are not going to enforce the key length requirement either.
    • Will look to do the MAC computation directly using the standard JCA Mac algorithm - to remove the dependency on Auth0.
  • JDUO-18: Added a PKIX trust engine to pin the set of trust anchors required in Duo API TLS connections. Is done, maybe I need to think about CRLs or OCSP.
    • Added the X509 certs for those root CAs to the Nimbus client module of the Duo plugin also
  • JDUO-19: Update plugin to be in line with the new module and plugin changes
    • Probably mostly there, but I need to be sure of that.

...