Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Current »

Shibboleth Developer's Meeting, 2022-08-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-08-19. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  • Rod Widdowson IDP-1793 - Getting issue details... STATUS (Why, What, User configuration, plugins)

  • State of branches across the projects and release plan(s)

    • Plugin compatibility when we unlock the parent – additional testing requirements or do we just wing it?

  • Third party cookie API proposal

Attendees:

Brent

  • JCOMOIDC-41 - Getting issue details... STATUS

    • Reviewed some code for Phil.

  • IDP-1793 - Getting issue details... STATUS

    • Reviewed some changes for Rod.

Daniel

Henri

  • Back online next week

Ian

  • As yet, no upstream Spring Webflow milestone release.

  • Spring Framework 6.0.0-M5 integrated everywhere, M6 is due 2022-09-15 along with 5.3.23.

  • Commit jobs now running on CentOS7-commits instances, mostly.

    • Please review my mail to committers@ so that I don’t have to talk through this!

John

  • SSPCPP-953

Marvin

Phil

  • On leave for the meeting. Been in and out of leave for a few weeks, ending end of next week.

  • JCOMOIDC-45 - Getting issue details... STATUS

    • Small improvements to the credential resolver. I think I now need to hook up the local credential resolver to also use any public key info from ‘jwk’s inside the JOSE headers to locate corresponding private keys, in addition to the ‘kid’ (keyID) it currently uses (algorithm info is also currently used).

      • Brent might want to put me straight on that if not.

  • JOIDCRP-17 - Getting issue details... STATUS

    • See the issue for the current logic (which needs reviewing).

    • Tricky to test ECDHE-ES as the runtime does not support EC/ECB/PKCS1Padding. Also not easy to get something downstream to test it e.g. OIDC cert tests. Will try with our OP.

Rod

  • IDP-1793 - Getting issue details... STATUS I've made it an agenda item

Scott

  • xml-security-c buffer overrun

    • No exposure in library itself or SP so low priority, will get a patch released at some point

  • IDP-995 - Getting issue details... STATUS

    • Approaching this as a revocation problem due to client-side storage, with two back-ends, storage service or attribute resolver

Tom

  • Working on updating/fixing integration tests for Sauce Labs :

    • removing Sauce Labs dependency (use environment variables + Jenkins Sauce Labs OnDemand plugin for credentials instead)

    • bump to Selenium 4

    • bump to Java 17 parent

      • workaround deprecated Spring Framework method to find available ports

Other

  • No labels