Versions Compared

Version Old Version 9 New Version Current
Changes made by

Former user

Ian Young

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Shibboleth Developer's Meeting, 2021-05-07

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-05-21; any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for see ZoomGU for access info.


AGENDAAdd items for discussion here

  1. Release plans

Attendees:


Brent


Daniel


Henri

  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJOIDC-44
    • Deep dive into the attribute registry & transcoders
  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJCOMOIDC-19
    • In practise the Nimbus release-cycle means that if we need a bug-fix, it's always a minor update for us 
  • Jira Legacy
    serverShibboleth JIRA
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyJOIDC-42
    • About half is done with the latest Nimbus dependencies, I don't foresee issues

Ian


John

  • cpp-linbuild
    • Can generate manifests of RPM/SRPM products
    • Working on signaling first-level dependencies from Makefile to build script
    • Planning to use local repos to resolve second+ level dependencies
    • Overarching goal is to shift from per-component/per-platform build script to generic build script
    • Updated Amazon Linux 2 Docker image to latest (20210326)

Marvin


Phil

  • Minor plugin changes.
    • Jar sealing
    • DuoOIDC plugin updates to support the latest Duo WebSDKv4
    • Removed retrofit and okhttp from the IdP (java-parent) and added them to the DuoOIDC plugin package. Looking at releasing this as 1.1.0, but only after the next version of the IdP is released.
      • Any security issues for v 1.0.0 can go into a 1.0.x release. 
  • Some plugin download location and version testing
  • Started looking at PrivacyIdea
    • Pretty cool, most auth token mechanisms sit behind a three 'mode' API facade (as Scott previously mentioned). 
    • Have it set up and enrolling various security keys. Interested in the webauthn function - but there are plenty of auth token options.
      • Even with the facade, there are still some differences (client-side) for some of the methods.

...

Lots of minor changes for the next minor/major release.  Two open questions

  • Jira Legacy
    serverShibboleth JIRA
    columnIdsissuekey,summary,issuetype,created,updated,duedate,assignee,reporter,priority,status,resolution
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1811
    • Do we have the right to change the default behavior of the Attribute Resolver wrt Display Information(especially given that no-one will notice)?
    • This would allow us to actively deprecate & log as deprecated a lot of old methods which are there solely to support IdPAttributes carrying DIsplay Information.
  • Jira Legacy
    serverShibboleth JIRA
    columnIdsissuekey,summary,issuetype,created,updated,duedate,assignee,reporter,priority,status,resolution
    columnskey,summary,type,created,updated,due,assignee,reporter,priority,status,resolution
    serverId180d847f-bce4-36b2-9964-771bff586829
    keyIDP-1813
    • There is an impedance mismatch between the CLIs (which use System.out.println) and much of the installers (which need to have the ability to log verbosely).
    • How to square the circle?

...