Developer Call Notes - May 5, 2011

Attendees: Scott Cantor, Jim Fox, Nate Klingenstein, Chad La Joie, Brent Putman, Fredrik Thulin, Rod Widdowson, Ian Young, Tom Zeller

IdP v2.3 Update (Chad)

SC-151 is the remaining issue to be closed for v2.3
Rod asked if Chad could provide a new build so that he could test the MSI build and some IdP UI items
Brent updated the PKIX validation documentation to reflect the new features he added in that area

OpenSAML Update (Brent)

JBoss Marshalling appears to be a good framework for serializing things like message contexts
Brent is going to finish up the v3 code re-organization next week

Jetty SSL Connector API Changes (Scott)

Jetty 7.3.1+ redid their SSL connector and broke our delegate-to-application extension
Changes were documented on Jetty wiki but their shipping configuration files don't reflect the change
Connector doesn't seem to support client-cert auth
To get client auth we have to implement, and use, a new SSL context factory
SSLContextFactory subclass that we develop can set certain properties (e.g., want client-cert auth)
Jetty SSL Connector is currently spitting out megs of log files when SSL handshakes fail for some reason

Scott mentioned we probably need to be discussing changing our defaults such that we use signed messages instead of relying on TLS. A contributing factor to this is the ongoing deterioration of support client-cert in most products.

SP Installer, Next Steps (Rod)

Rod has a desire to re-write the installer using WiX, moving away from Wyse but the current installer is mostly hanging together so there is no immediate need.
Chad expressed concern given that Wyse has been unsupported and sold an bought a few times over the year. We are now in a position where it would be difficult to recreate our MSI build environment if our VMs were to die.
We may use IdPv3 as a test case for building MSI's using WiX and then, if that works, move the SP to use WiX and abandon Wyse.
Rod fixed the issue with the current SP MSI that prevented it from cleaning uninstalling
With the aforementioned fix, in the version after next, SPs should be able to use an automatic updating

EDS 1.0.1 (Rod)

There was a mistake in the 1.0.0 build of the EDS that needs to be corrected
Rod has asked Scott to build a 1.0.1, on the OpenSUSE build server, using the now corrected code
Chad will create a signed zip once the RPMs are complete

MDUI Recommendations (Rod)

Rod asked where was the best place to put our recommendation for logo sizes
Chad suggested that it really should go in two places:
- The documentation for the products that consume the information (the IdP and EDS)
- Federation's recommendations to their users, perhaps facilitated by REFEDS

SVN Repository (Chad)

Our old java-security-tools SVN repository was missed during the move to the new SVN server.
Brent has provided Chad with the dump of the old repository
Chad has begun importing the old repository in to the new 'utilities' repository

Next Meeting:
May 19th, 1500 UTC