January 2025 Update

This is a light update as most of the last month has been holiday vacation time and prior to that the Internet2 TechExchange conference in Boston.

As planned, version 1.0 of the WebAuthn plugin was made available prior to the conference, and work on bugs and small enhancements is ongoing there.

Work is underway on our implementation of OpenID Federation, and in fact Shibboleth is being used at scale in some early deployments in Italy (over 2 million users in the first week!). More on that as I get some information about it. As the planning and profiling around OpenID Federation picks up in the R&E sector, we will certainly be actively tracking and delivering work in this area to support those experiments.

This year we will likely start work defining public APIs in the IdP for accessing the various types of stored data the IdP supports, such as consent records, WebAuthn credentials, sessions, etc. This will allow independent software components to access and manage these objects in a supported way, and allow a separation between the IdP itself and any UI work we undertake. More to come on that.

At my update at TechExchange, I mostly focused on drilling down into the SP redesign work to try and communicate as much as I can about what that’s going to look like. You can find those slides at https://shibboleth.net/documents/20241210-cantor-ShibbolethUpdate.pdf

I can happily report that work has been ongoing over the holiday period tearing down and beginning to build back up functionality in the SP code base. In particular, I’ve successfully re-implemented some of the configuration likely to remain XML-based on top of a new foundation that doesn’t require any XML runtime dependencies, as well as beginning to plan and build out a new configuration layer for the agents. Much of the high-level code refactoring and class renaming is done, and I am close (possibly as soon as next week) to having all of the old dependencies remediated out of the build. Once our additional libraries, xml-security-c, and Xerces are completely gone, we’ll be left with a clean build that we can begin to add the replacement functionality into.

There are a couple of new wiki pages that are worth tracking if the SP impacts you. One is a summary of what the new configuration is looking like; hopefully over time that will give you a more concrete sense of what the replacement is going to be. The other (perhaps more critically) is an ongoing list of all the features I’m expecting to be removed or changed significantly in the new version. While none of that is set in stone, and everything is ultimately negotiable, most of the changes are pretty well thought out at this point and most of them have pretty obvious workarounds I’ve noted anyway.