...
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-11-0405. Any reason to deviate from this?
...
Add items for discussion here
Server - any other issues?
Maven Central : get to consensus on actionable plan (Tom)
Do we care to know/log who uses/downloads our artifacts ? no
only way we can really know is to host ourselves and not on Central
Plan is to migrate public repos from hosting with Nexus to Apache
To be more secure and hopefully reduce load (gotta try to find out)
Nexus : https://build.shibboleth.net/nexus/content/groups/public/
Apache : https://build.shibboleth.net/maven
Need Nexus to manage snapshot metadata (although we might be able to migrate away)
Do we want to continue to host a public snapshots repository ? yes
no way to control client lookups = lots of 404s
Do we want to continue to host a public (or private) cache of Central ? no
(automatically proxied by Nexus, we could validate sigs using Rod’s tool)
Attendees:
Brent
https://shibboleth.atlassian.net/browse/IDP-1870
Clarify Scott’s suggestion. Maybe on-use is good enough?
Daniel
Henri
https://shibboleth.atlassian.net/browse/JOIDC-21
The concept of metadata policy (related to RP registration) is getting more generic
First it was only related to registration access tokens, then also for restricting/filtering/defaulting incoming requested registration values in the dynamic registration configuration
Possibly also on the upcoming RP-feature for validating dynamic registration responses
OIDCfed spec draft also defines metadata policy (see 5.1): the same structure can be used
Phil’s metadata resolution work very useful, as metadata policies are JSON
...