Shibboleth Developer's Meeting, 2021-07-02
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-07-16. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- Atlassian provisioning options
Attendees:
Brent
- Back from vacation. No progress to report. Next up is continuing to look at the Java socket server question.
Daniel
Henri
-
-
JOIDC-21Getting issue details...
STATUS
- High-level planning at: /wiki/spaces/DEV/pages/1213038673
- Functional PoC for the admin flow & CLI
- Access token encoding/encryption: the current method used for Authz codes and access/refresh tokens rely unnecessarily to Nimbus
Ian
- Java 17: now being tested in
-multi
jobs; all seems well.- Nashorn 15.3: "The most notable change is that Nashorn now works with JDK 17.", see see https://twitter.com/OpenJDK/status/1410603091490054166
- This is something to do with
Unsafe.defineAnonymousClass
I think, not clear why we aren't seeing issues in-multi
jobs.
- SKS (PGP/GPG) keyservers are defunct (RTBF/GDPR, apparently). Acronyms much?
John
- Not much to report. Started to look at AWS container options for cloudifying cpp-linbuild.
Marvin
Phil
- - JDUO-47Getting issue details... STATUS added test, fixed, and deployed 1.1.1 of the Duo plugin
- Maven cleanup
- OIDC-RP
- Slow progress, hopefully have more time now the Maven stuff is done.
- Spent a small amount of time on Webfinger for OP discovery - can not see much support for this.
- The plugin probably should provide some support? to support OP discovery on the flow (like SAML proxying does with IdP disco).
- Strategy-based lookup for now.
- Test
Rod
- JPAR-175Getting issue details... STATUS
- 'test' to check against our poms is complete and in place. Scott Cantormade some changes to our parent pom.
- 'test' to check war contents signing is ongoing.
- We are going to have to have a conversation about jar signing & supply chain attacks.
Scott
- Started wiki migration, member pages "in production"
- - JPAR-175Getting issue details... STATUS
- - JPAR-176Getting issue details... STATUS
- A few more 4.2 odds and ends
Tom
- Regrets - will miss call
- Green lights on browser tests
- Run latest-browsers vs latest-Jetty vs IdP-latest and IdP-next nightly ?
- don't need to re-run tests against static versions
- Sauce Labs tests are slower than local headless Firefox
- Run latest-browsers vs latest-Jetty vs IdP-latest and IdP-next nightly ?
Other