Shibboleth Developer's Meeting, March 29, 2013
Attendees:
Call Administrivia
Next call is next Friday.
Suggest a 60 to 90 minute call window, so 10 to 15 minutes per person.
Brent
AI: Security advisory for HTTP client issue in V2.
Daniel
Work : Spring wiring for LDAP data connector ?
Ian
Work: Pending XmlSecTool 1.2.0 release.
Rod
Work : Attribute Scripting Environment
- Scripting API adjusted as discussed in development mail list.
- Preliminary documentation written, then updated appropriately. As usual, this took longer than anticipated.
- Legacy classes written, testing ongoing. Checkin by Apr-1,
- Still some issues with cobatura, but aiming to get code coverage and thus enhance testing
Next week: Look at Attribute Resolver configuration parsing.
Scott
AI : Further thoughts on setting up an Active Directory VM for integration/unit tests ?
Work : Pending IdP 2.4.0 release.
- Another round of dependency updates, mostly logging, think I'm done.
- Issue: Remove scripting engines? Wait for 3.0?
- Mike G finishing up login page changes and helping with some testing.
- Release dry run next week?
Work : AACLI
- Command line shell with jcommander, Spring loaded logging, Velocity, ParserPool, Webflow container
- Issue: OpenSAML init / parser injection?
- Remove dependence on Xerces/Xalan? Security manager changes based on parser used.
- Working on refactorization of Actions:
- Copied ProfileRequestContext into opensaml-messaging-api
- Created EventContext, new type of context subclass to use as "output" of Profile Actions designed for flow action use
- Created ProfileAction and AbstractProfileAction to operate on ProfileRequestContext (a la MessageHandler operating on MesageContext)
- Suggest we create SpringContext to carry Spring/Webflow-specific objects, HttpServletContext to carry Servlet request/response, switch to context-based input/output contracts between components
- Will create a ProfileActionWebflowAdaptor (or some such) that wraps a ProfileAction, populates Spring/HttpServletContexts, executes action, checks for EventContext and wraps/returns Event
Tom
AI : Email list regarding Active Directory test instance ? Prefer our own.
AI : Figure out establishing a handful of alpha testers ?
AI : Read https://github.com/serac/shibboleth-idp-ext-cas
AI : Documentation for getting started with writing actions for profile handlers ?
Work : Attribute Filter design and spring wiring.
TODO : Clean up Spring wiring pattern in idp-attribute-resolver-spring and idp-core.
TODO : Fix broken Jenkins project hierarchies.
TODO : Figure out how to purge local maven repository when building some jobs in Jenkins.
Jenkins now displays links to Javadoc for the java-identity-provider and java-opensaml projects.
To what extent can we modify schemas ? Suggested to Daniel that we can add to a schema as long as we preserve backwards compatibility. Is this correct ?
Should -api modules have .api in package name ?
Decisions
Coding convention : getLdapUrl or getLDAPURL
With Brent favoring getLdapUrl and Scott seeming to agree for predictability, do we have consensus on getLdapUrl ?
Refactoring volunteers ?