Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 12 Next »

Shibboleth Developer's Meeting, 2024-07-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2024-07-19. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU, see announcement for access info.

AGENDA

Attendees:

Brent

Daniel

Henri

  • JOIDC-200 - Getting issue details... STATUS

    • Currently no known issues, initial profile documentation at OPPushedAuthorization

    • JOIDC-212 - Getting issue details... STATUS

    • JOIDC-214 - Getting issue details... STATUS

    • JOIDC-217 - Getting issue details... STATUS

      • In short: with OAuth2 authorization requests, only use request object parameters. In OIDC, request object + query parameters can be merged.

  • JOIDC-201 - Getting issue details... STATUS

    • Fine-tuning the refresh token sequence (differs a bit between confidential and public clients)

  • JCOMOIDC-115 - Getting issue details... STATUS

    • Breaking change in Nimbus API makes old oidc-common (with Nimbus v10) incompatible

    • JOIDC-210 - Getting issue details... STATUS

    • Should we make the upcoming idp.oidc.common.6 -module incompatible with the previous ones? IMHO it’d need patching for RP and Duo too in order to support new commons too? Or is it satisfactory to document that if a deployer updates the commons-module, also OP needs to be updated?

Ian

John

  • Updated all Docker images to latest available

    • centos7: N/A

    • centos8: N/A

    • amazonlinux2: 2.0.20240620.0

    • amazonlinux2023: 2023.5.20240624.0

    • rockylinux8: 8.10.20240528

    • rockylinux9: 9.4.20240523

    • rhel7: 7.9-1445

    • rhel8: 8.10-901.1717584420

    • rhel9: 9.4-1123

  • SSPCPP-987 - Getting issue details... STATUS

    • Drafted patch. Passed smoke test. Still need to check on other platforms.

Marvin

Phil

  • WebAuthn Beta announced.

  • JWEBAUTHN-13 - Getting issue details... STATUS - turn off signature counter updates if you wanted to limit storage service writes.

  • JWEBAUTHN-16 - Getting issue details... STATUS - I completely forgot auditing of any kind. Easy to add to the authentication flow, more work to add to the admin flows. Almost there.

Rod

  • Jetty 12 MSI

  • Question: Where are we ready to (pseudo) fork a maintenance branch (across all repos) and move mainline to the next minor?

Scott

  • Work on member comms for roadmap/etc

    • Will publish roadmap next week, might wait until after board mtg if there is one

  • Prepping for xml-security transition, repo is public, Jira project created

  • False alarm on an SP security issue, a few fixes accumulating so considering some kind of SP refresh

  • Ongoing SP work

    • Working on some initial utility flows for storage, data sealing, RequestMap/XML parsing for agents

    • Unit tests and flow tests based on IdP’s flow test classes and configuration

    • Work on some draft docs:Remote Operations Reference

Tom

Other

  • No labels