...

  1. Santuario / Jakarta move → looks like 2.1 may be sunsetting pretty quickly, trying to get confirmation on a date

  2. OIDC / OAuth coordination

    1. Inc. OP package name transfer to oidc-common for profile config. Which versions and when.

    2. Features in the OP which require the metadata resolver work in oidc-common

  3. (RDW) M2 verification is now on for IdP nightly build. Still outstanding (before we discuss other attacks)

    1. Process for accepting new certs - we have such a case outstanding for net.minidev:json-smart:2.4.7

    2. A plan for what to do if we do discover a forgery.

Attendees:

Brent

Daniel

Henri

Ian

...

  • https://shibboleth.atlassian.net/browse/JPAR-178 updated this. Seems OK - at least for now.

  • Working on RP:

  • Work on commons:

    • Henri has ideas on how to improve the metadata resolver work, so I will revisit some of that.

    • https://shibboleth.atlassian.net/browse/JCOMOIDC-21 - move some of the OP profile configuration stuff into oidc-common. Some is needed by the RP. Added timescales to the agenda on what gets released when and how the changeover in the OP happens.

    • https://shibboleth.atlassian.net/browse/JCOMOIDC-26 - need to check JWT validation API is suitable for upcoming use cases.

  • Other:

    • Maybe look to switch the default CSRF validation predicate to use a constant-time algorithm. Although the predicate is injectable and I am not sure it adds much in our case.

...