Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-11-0405. Any reason to deviate from this?

...

  • Add items for discussion here

  • Server - any other issues?

  • Maven Central : get to consensus on actionable plan (Tom)

    • Do we care to know/log who uses/downloads our artifacts ? no

      • only way we can really know is to host ourselves and not on Central

    • Plan is to migrate public repos from hosting with Nexus to Apache

    • Need Nexus to manage snapshot metadata (although we might be able to migrate away)

    • Do we want to continue to host a public snapshots repository ? yes

      • no way to control client lookups = lots of 404s

    • Do we want to continue to host a public (or private) cache of Central ? no

      • (automatically proxied by Nexus, we could validate sigs using Rod’s tool)

Attendees:

Brent

Daniel

Henri

  • https://shibboleth.atlassian.net/browse/JOIDC-21

    • The concept of metadata policy (related to RP registration) is getting more generic

      • First it was only related to registration access tokens, then also for restricting/filtering/defaulting incoming requested registration values in the dynamic registration configuration

      • Possibly also on the upcoming RP-feature for validating dynamic registration responses

    • OIDCfed spec draft also defines metadata policy (see 5.1): the same structure can be used

    • Phil’s metadata resolution work very useful, as metadata policies are JSON

...