Versions Compared

Old Version 7

changes.mady.by.user Tom Zeller

Saved on

compared with

New Version Current

changes.mady.by.user John W. O'Brien

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Are we ready to bump Jenkins agents to latest Maven 3.8.6 ? (Tom)

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJPAR-197
    (Tom)

  • (Phil & Henri) oidc-commons branch merging, testing, and eventual release

Attendees:

Brent

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyOSJ-360

    • Done, after figuring out some pesky policy OID stuff.

  • Users list question about Veracode, EC named curves implies: Should we consider a security policy layer that blocks “weak” keys from being used (as opposed to weak signing/encryption/other algorithms)?

Daniel

Henri

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJOIDC-127

    • The sid claim is required for the logout feature

    • Fairly simple to implement, but API-module changes cannot be avoided

  • Jira Legacy
    serverSystem JIRA
    serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
    keyJOIDC-128

    • Currently the authorize flow hardcoded to decode OIDC authentication requests

    • Prototyping with a decision-state before decoding request:

      • if the scope-parameter contains openid, it’s OIDC authentication request

      • OAuth authorization request otherwise

      • Refactor SWF actions / functions into using OIDC only when really OIDC-specific

Ian

  • Repository pruning continues.

  • Spring Framework 6.0.0-M6 (and 5.3.23) are out.

    • 6.0.0-RC1 due 2022-10-12.

    • 6.0.0-RC2 due 2022-10-20.

John

  • cpp-linbuild

    • Jira Legacy
      serverSystem JIRA
      columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
      serverIdf52c7d31-6eab-3f0e-93c3-231b5754d506
      keySSPCPP-954

    • Minor updates to Docker images

Marvin

Phil

...

  • Nothing to report

  • Apologies, I won’t be able to make the call

Scott

  • Refactoring…

    • Bean created that will rewrite class and parent declarations based on a map, and the bean is now installed on main branch for global and all service contexts. Should be able to add it to the flows too.

    • All of spring-extensions has been migrated to net.shibboleth.shared.spring.* package names with rules added to the rewrite map in global-system.xml. One stub left behind for web.xml compatibility.

    • Moved on to work on test refactoring. OpenSAML now has a -testing module for test APIs, and many of its impl modules now depend on it, but -api cannot to prevent loops. This necessitated breaking apart -core (which we should have done anyway) and also migrating a few other tests down into -impl modules.

      • Any tests of a package defined in -api but implemented in -impl tend to have “.tests” on the end of the package name to avoid package sealing violations.

      • Will be moving on to remaining layers to eliminate test-jar dependencies.

Tom

Other