Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, August 22, 2014

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Normal schedule is to skip next Friday as it's  

Normally we skip the last Friday of the month. Any reason to vary that?

60 to 90 minute call window.

, but instead we are going to have a call on August 29 and then skip Sep 5.

 

Call Details

This week's call will use the Lync system at OSU on an experimental basis. To participate, call:

  • +1 (614) 688-1800 (please use if possible)
  • +1 (800) 678-6114 (use only if you're charged for the 614 number)

The Conference ID is: 738127#

International participants should be able to access the 800 number without charge through Skype.

Fallback Call Details

If the above doesn't work out, we will fall back to the previous system at 15 minutes past the hour.


Meeting Number: 24048131
 
Toll / Intl #: N/A
Toll-Free #: N/A

Attendees:
 

 

Brent

...

Scary warnings in the MDA documentation. Tone them down?

Logging and subversion dependencies.

Out of town 29th to 1st.

Iceland: http://baering.github.io

 

Rod

Kicking the wheels on windows installer.  Watching Bárðarbunga.

Scott 

Corrected code to handle Anonymous RP case, which we've decided to rename to ?Unverified?

  • Hit an issue with Rod's taglibs in at least Velocity case, unsurprisingly, haven't investigated, likely just something assuming metadata present.
  • General impression is that CAS' needs will be trivially met out of the box by existing Anonymous behavior e.g. attribute filtering, etc.

Added control point for deciding how to handle identity switches mid-session, a property now dictates whether it's an Event or not

Fixed up log dependency in testbed to get it working, not sure about integration tests

Finished, mostly, migrating trust engine config to final resting place and supporting default legacy behavior in Spring parser

Audit logging mostly done, still need to look for some additional audit fields we might want (but people have several injection points now for their own audit field extraction)

Next up: probably logout, but wondering about SOAP client capability...then again, this is probably message signing only anyway

  • Even back-channel's probably not trivial, we may want to spin up a thread for each SP or at least a pool of them

Tom

Talk about next steps for uApprove. Some comments :

...

However, I was confused as to what "rejecting" consent would mean on a per-attribute basis, what the timeline would be for asking for consent again, etc, so I posted a quick note to the dev list, and that led me to the PrivacyLens and GakuNin forks. I also did some quick internet searches for "user attribute consent" and realized that quite a bit of work has been done already, the document that made me feel the "best" was this one, which says that IdPv3 will NOT include a per-attribute consent GUI. For other projects with consent UIs, see SimpleSAMPphp and Cirrus Identity et al. I liked this page because it displays a matrix for required vs optional attributes and a UI, for which I wonder how it would look on a small screen. I was also pretty clueless until now, and still really am, regarding REFEDS Attribute Release Recommendations

After a whirlwind tour through attribute release consent, I am left pretty much where I started, that I should port uApprove v2 to v3, leaving room for per-attribute consent, but defer UI work until later.

It seems that the Google UI for consent probably is the only way to display the relevant information on a small screen as well as a larger one, but it would probably take some work to come close to that, which boils down to summarizing attributes rather than displaying name-value pairs.

I'll note UMA, but did not find it directly applicable at this time due to scope.

 

Other