Shibboleth Developer's Meeting, 2016-05-06
Call Administrivia
10:00 Central US / 11:00 Eastern US / 16:00 UK
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2016-05-20. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Lync system at OSU. To participate, call:
- +1 (614) 688-1800 (please use if possible)
- +1 (800) 678-6114 (use only if you're charged for the 614 number)
The Conference ID is: 738127#
International participants should be able to access the 800 number without charge through Skype.
AGENDAAdd items for discussion here
- Jetty 9.2 EOL
Attendees:
Brent, Daniel, Ian, Marvin, Rod, Scott, Tom, Misagh
Brent
Daniel
Adventures in publishing 3rd party snapshot jars to the nexus repository. Current process is to ping Tom when an update is needed.
Ian
Marvin
- Resolved IDP-949
- Suggest we document Webflow inheritance somewhere. I keep getting tripped up by it.
Rod
SP - VC14 (VS2015, just to confuse) conversion. Almost done modulo the bits that aren't.
...
EDS - Time to consider running the snapshot on shibboleth.net? EDS-71
I probably need help with prioritization.
Scott
Tom
Worked on a lot of development and extension documentation related to custom flows of various types, did some refactoring of flow responsibilities as I identified problems with the development model.
Note: re-did the message properties as suggested by community with all the built-in values moved into system/
MFA work sort of parked so I'm not splitting my brain, but the trendline on it was in a discomfortingly "reinvent Spring WebFlow" direction FWIW.
SP advisory issued, not much reaction as of yet, but no push back on the plan either. The security issue in JIRA was opened up since the issue is fully disclosed anyway.
Started work on SP enhancements and fixes scheduled for 2.6, slow going while I re-learn C++.
No word on either my proposed Xerces fixes or from the expected fuzzing on xmlsec. Think we should consider allocating time to build and run SP with Google's address sanitizing library built in to RH7. My expectation is the results will be very, very bad. Will be very time consuming.
Grant SoW proposal sent to Stina, no feedback as of yet.
Data point: 32-bit JVM is now unable to reload InCommon metadata when running fully loaded with that metadata plus a few local sources that are a few megs in size and under some load. Guessing more sites may be hitting that soon.
Tom
- Checkstyle
- Add final checks
- CLI noisy
- Publish/deploy site (includes Javadoc, Checkstyle report, Cobertura coverage, etc.)
- Rough draft demo https://build.shibboleth.net/nexus/content/sites/site/
- POM changes
- Update parent-v3
- Unlock all dependencies / the stack
- Lead way to updating dependencies prior to release
- Ldaptive snapshot dependency + doc
- Publish/deploy site (includes Javadoc, Checkstyle report, Cobertura coverage, etc.)
Other