Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 14 Next »

Shibboleth Developer's Meeting, 2022-10-21

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2022-11-04. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

  1. Decision on destroy methods in bean files - default it or explicitly set it?

  2. (if time) Signing keys/supply chain attack defense

Attendees:

Brent

  • JSSH-16 - Getting issue details... STATUS

    • Refactoring in progress. Large chunk of java-shib-shared done. Have to do a deeper dive into some changes around TLS.

Daniel

Henri

  • Offline today

Ian

  • Spring Framework 6.0.0-RC2 and Spring Boot 3.0.0-RC1 are out. GA will be next month. No statement on SWF yet.

  • MDA 0.10 in progress.

John

  • Fargate builder

Marvin

Phil

  • RP docs and code cleanup

  • Thinking about adding a keyset endpoint to the RP like the OP - a bit more involved than I thought, but perhaps should target this for v1?

  • Thinking about dynamic registration - but not confident I could get that in place for v1.

  • Thinking about UserInfo response formats - it can be either a plain JSON object or a JWT. Signalled by Content-Type header. But this could be manipulated, not sure this is much of a problem but I have added a setting to force JWT types only (off by default so supports either).

  • Fixed up the assembly, so can be installed as a plugin to a running IdP - tested it with a fresh plugin build and sign of the commons lib.

Rod

Scott

  • Xerces 3.2.4 patch

    • Likely officially moving project to requiring C++-11

  • JSSH-9 - Getting issue details... STATUS

    • Overblown but we don’t reference impl classes anymore and I did modernize the Java random APIs

  • IDP-2023 - Getting issue details... STATUS

    • Likely the biggest hassle for upgrades to V5

  • IDP-1935 - Getting issue details... STATUS

    • Worked around this issue for now, I think we want to open up more of the decryption APIs in V5 to be Criterion-based

  • JPAR-213 - Getting issue details... STATUS

    • Updated main branch for now, we’ll likely want to move the old branch to them also

    • IDP-2027 - Getting issue details... STATUS

  • SP is being brought up to date after refactor, adding components for metadata, attribute handling

    • OSJ-363 - Getting issue details... STATUS

    • Will be working on new Session API next

    • Already built a remoted endpoint that parses XML and returns the DOM mapped into remotable objects so agents can deliver their configurations to the service for processing

Tom

  • updating certs in integration tests for V5

Other

  • No labels