Page Comparison

...

• Rod: IDP-2242 Can/Should we stop using “Unsupported” and rely instead on SECADV/OutOfDate/Current

• 5.1 freeze schedule

  • Feature freeze on 2/26, code freeze 3/4 and release that week if possible

• Santuario (C++) future

  • Will make a proposal for a cut down V3 either at Apache if accepted, or we close it down, and fork if not (at which point it’s optional for us to do if we want).

Attendees:

Brent

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key OSJ-391

  • Think this is done? Leave defaults as they are now?

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key OSJ-392

  • Think I have a workable solution for the role descriptor adapter issues (mutable collections, and setters which throw). Need to test, mindful of the freeze timing.

...

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-186

  • Seems The JWT refresh token seems to be working as expected in test deployments

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-96

  and

  Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDC-196

  • Working OK for both metadata policies (in registration) and unregistered client policies

  • Do we want to make a scriptable abstract bean for custom policy operator ?

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JCOMOIDC-99

  • Found when integrating the custom operators (above) to the merging function

• Automated logout testing scripts still need to be fine-tuned for minimal template changes

• Polishing and minor changes before minor release - and NonNull-work..

...

• RP developments

  • Jira Legacy
    server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDCRP-54

    • Hook to add arbitrary claims into the signed Request Object.

  • Jira Legacy
    server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JOIDCRP-51

    • Allowed the RP to send empty ACR and AMR claims to the translators. The translation function can be overridden with their own.

• WebAuthn developments:

  • Jira Legacy
    server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key JWEBAUTHN-2

    Missing 1 key for cose-java. It looks like Emil has eliminated that dependency from the Yubico libraries, and will be releasing a patch release (2.5.1) very soon. When we grab that, we will not need the key.

  • Lots of cleanups.

  • A decent amount of work on the registration process.

    • Username and password authentication to first register a WebAuthn credential, but WebAuthn flow is required once you have one.

      • Requires username collection as a first step in the registration flow.

  • Adding attestation support even if not used initially.

Rod

• EDS: We have had three patches submitted. New release?

  • Jira Legacy
    server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key EDS-94

  • Jira Legacy
    server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key EDS-95

  • Jira Legacy
    server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key EDS-93

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key IDP-2240

  New helper class with 6 methods - any more needed?

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key IDP-2242

  (agenda)

• Jira Legacy
  server System JIRA serverId f52c7d31-6eab-3f0e-93c3-231b5754d506 key IDP-2236

  - I plan to use this to write the documentation

• Other IdP Bugs

...