Versions Compared

Old Version 4

changes.mady.by.user Scott Cantor

Saved on

compared with

New Version Current

changes.mady.by.user ChadC

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

Shibboleth Developer's Meeting, June 28, 2012

Attendees: Rod Widdowson, Ian Young, Scott Cantor, Jim Fox, Tom Zeller, Paul Hethmon, Nate Klingenstien, Daniel Fisher

Agenda

Infrastructure Update

Currently Migrated
  • LDAP, IdP, Nexus
  • nexus on new hostname
Weekend Outage Post-mortem
  • IdP and SVN became inaccessible
    • Problem was bad OpenLDAP ACL
  • MX records disappeared
    • bug in GoDaddy UI triggered by adding A records and adjusting TTL of MX records
Upcoming Migrations
  • IdP to new hostname
    • all set up and metadata changed - just using a temp file for our SPs at the moment
    • just waiting for A record change
  • Website
    • Everything copied over and deployment script working
    • Just waiting for A record change
  • Mailing list
    • prelim work has been done
    • just need to adjust mail configuration
    • waiting to hear back from Scott L (Uni Edinburgh mail manager)
    • need to think about anti-span setup - probably need to do this
  • Confluence
    • alternative 1: move things as is and upgrade to 3.5
    • alternative 2: upgrade to 4.1 - requires transitioning through some intermediate version
    • looks like alternative 2 should work, we'll try that and check in in two weeks
    • we're about at the EOL of 3.x release cycle
    • 4.1 editor isn't nearly as bad as we feared
    • new markup is based on xhtml - should help if we ever need to move off
  • Jira
    • way behind on upgrades
    • Jim may have plugin for latest Jira

OpenSAML Update

  • Brent on holiday until July 10th
  • Working on new SAML encoders and decoders
  • Basic functionality is complete
  • Some additional refactoring to make full use of the new APIs remains
  • Need to determine remaining set of work

IdP Update

v2.3.7
  • completed and staged
  • Rod generating MSI tomorrow or Saturday
  • Will be announced on Monday
Async SLO
  • SLO protocol extension that indicates the IdP doesn't need to respond to the SP
  • Guarantees the IdP owns the UI and provides more freedom in processing the SLO request
  • Work started in OASIS, should have a draft spec by next SSTC meeting in two weeks
  • Extension for IdP v2 to that only destroys the IdP session
    • see how much work it would be to fire off back-channel request
v3
  • Chad: hashing through authentication APIs, main focus on method selection
  • Tom: getting up to speed on web flow
  • Tom: working on project module that will generate the IdP WAR file

SP Update

Work Left on 2.5
  • Work is mostly complete and people have been testing the installer
  • Installer seems to be in good shape - updating seems to work as well
    • no upgrade support from existing SPs - will just require an uninstall and new install
    • we think we can release patches for dependencies as well (e.g., openssl)
  • Option Items:
    • Async SLO support
    • Something in the metadata generator to populate algorithm strings
      • existing runtime algo selection support in the SP should make this relatively easy
    • Close out some existing bugs after more testing
  • Release
    • another beta in two weeks
    • need to release update of Santaurio library
    • final release at end of July
Red Hat 5 is going to be supported until 2017: implications?

...

  • some libraries are already really old and contain bugs (e.g., libcurl DNS caching bug)
  • Scott uncomfortable depending on these older libs - we have ability to override libs with new releases
  • SP 2.5 might use new libs - Scott will raise this on the dev list

Project Roadmap

Additional items
  • nexus PGP signature checking plugin
  • Jira remote user authentication plugin
  • Tiqr Review
  • Rescope MDA 1.0 to exclude web service interface
  • Committers should send any additional items to the committers list so we can get them on the roadmap
Prioritization
  • no guidance from existing board
  • new board in place in August so we should be prepared to offer our opinion at the first meeting
  • some problem in translating Internet2 assumptions to statements to the board
  • major concerns about time we're spending on the infrastructure
  • need to have a better plan for IdPv3 especially expected release timeframe
  • Scott will send a note to the committers list outlining what information he needs to prepare a proposal to the new board

Connection Information

Time: 15:30 UTC

...