Shibboleth Developer's Meeting, 2025-01-17

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2025-02-07. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

1. Post-TechEx catch-up

2. Board updates

3. (Brent) Zoom AI features?

Attendees:

Brent

• JSATTR-6: SAML AttributeQuery DataConnectorOpen

  • Just before leaving on winter break ran into a (hopefully minor) problem with adding Assertion validation. Existing code is built on use of ProfileRequestContext. Hopefully can just widen that to InOutOperationContext, which should fit this new use case.

Daniel

• Nothing to report

Henri

• JOIDC-222: Support for OpenID FederationIn Progress

  • Current status for automatic registration PoC in the authorization endpoint

    • Trust chain resolution via metadata caches

    • Selection of the shortest local policy -compliant trust chain (via customizable function)

      • Trust Mark requirements may be configured on per Trust Anchor basis (OIDFED.AutomaticRegistration profile)

    • Metadata is currently stored via similar StorageService-backed ClientInformationManager as in dynamic client registration

      • Currently finishing PoC on an alternative that avoids storage by basing on metadata caches on all endpoints

        • Authorization code and access/refresh token claims sets carry the selected trust chain

  • Other work items:

    • Metadata policy handling

      • Null handling, minor operator changes (add/value at least), order of custom operators

    • Explicit registration - especially if considered important by community

    • Federation policy constraints

    • Test automation - my local tests currently exploits GEANT testbed

Ian

John

• SSPCPP-995: Remove intermediate per-component builder imagesResolved

  • Fixed up the interactive build container

• SSPCPP-991: RPM's for systemd based RHEL/clone distros include unnecessary deps on legacy sysv initscript packagesResolved

• SSPCPP-999: Explore possible use of newer GCC on CentOS 7 / RHEL 7Resolved

• SSPCPP-1002: Remove support for SUSEResolved

• SSPCPP-1003: Remove support for RHEL 6Open

• SSPCPP-1004: Remove support for Amazon Linux 1Open

• Various image version bumps

Marvin

Phil

• WebAuthn wiki doc updates

• Some minor WebAuthn bug fixes

• Looking for a WebAuth 1.1.0 release within the next few weeks to address:

  • JWEBAUTHN-32: add a Last Used field to registration and management viewsOpen

  • JWEBAUTHN-33: Make collecting nickname during key registration optional/configurableIn Progress

  • JWEBAUTHN-36: giving a username that does canonicalize to management search leads to uncaught exceptionClosed

  • JWEBAUTHN-38: AllowUntrustedAttestation property is missing from default properties fileClosed

  • JWEBAUTHN-40: Credential repository injection/configuration is not consistentClosed

• Once 1.1.0 is out. Come back to prioritise other work.

Rod

• SP - Swapping in the java code

• SP - Working on the windows build.

  • Do we want a CI job?

• Use of WinHttp

• JSATTR-41: Look to make the ScriptedDataConnector CachedResolved

Scott

• SP ongoing

  • Substantial work on the configuration and reused legacy components done with tests (RequestMap, some of the AccessControl support)

  • Some renaming/refactoring done to migrate terminology to “Agent” from “SP”

  • Building on Mac, close to building on Windows without any runtime dependencies

  • Next major milestone is to get new agents loading on Apache, IIS (without doing anything yet)

  • Started work on curl-based RemotingService

Tom

• troubleshooting failing tests

Other