2011-05-05
Developer Call Notes - May 5, 2011
Attendees: Scott Cantor, Jim Fox, Nate Klingenstein, Chad La Joie, Brent Putman, Fredrik Thulin, Rod Widdowson, Ian Young, Tom Zeller
IdP v2.3 Update (Chad)
- SC-151 is the remaining issue to be closed for v2.3
- Rod asked if Chad could provide a new build so that he could test the MSI build and some IdP UI items
- Brent updated the PKIX validation documentation to reflect the new features he added in that area
OpenSAML Update (Brent)
- JBoss Marshalling appears to be a good framework for serializing things like message contexts
- Brent is going to finish up the v3 code re-organization next week
Jetty SSL Connector API Changes (Scott)
- Jetty 7.3.1+ redid their SSL connector and broke our delegate-to-application extension
- Changes were documented on Jetty wiki but their shipping configuration files don't reflect the change
- Connector doesn't seem to support client-cert auth
- To get client auth we have to implement, and use, a new SSL context factory
- SSLContextFactory subclass that we develop can set certain properties (e.g., want client-cert auth)
- Jetty SSL Connector is currently spitting out megs of log files when SSL handshakes fail for some reason
Scott mentioned we probably need to be discussing changing our defaults such that we use signed messages instead of relying on TLS. A contributing factor to this is the ongoing deterioration of support client-cert in most products.
SP Installer, Next Steps (Rod)
- Rod has a desire to re-write the installer using WiX, moving away from Wyse but the current installer is mostly hanging together so there is no immediate need.
- Chad expressed concern given that Wyse has been unsupported and sold an bought a few times over the year. We are now in a position where it would be difficult to recreate our MSI build environment if our VMs were to die.
- We may use IdPv3 as a test case for building MSI's using WiX and then, if that works, move the SP to use WiX and abandon Wyse.
- Rod fixed the issue with the current SP MSI that prevented it from cleaning uninstalling
- With the aforementioned fix, in the version after next, SPs should be able to use an automatic updating
EDS 1.0.1 (Rod)
- There was a mistake in the 1.0.0 build of the EDS that needs to be corrected
- Rod has asked Scott to build a 1.0.1, on the OpenSUSE build server, using the now corrected code
- Chad will create a signed zip once the RPMs are complete
MDUI Recommendations (Rod)
- Rod asked where was the best place to put our recommendation for logo sizes
- Chad suggested that it really should go in two places:
- The documentation for the products that consume the information (the IdP and EDS)
- Federation's recommendations to their users, perhaps facilitated by REFEDS
SVN Repository (Chad)
- Our old java-security-tools SVN repository was missed during the move to the new SVN server.
- Brent has provided Chad with the dump of the old repository
- Chad has begun importing the old repository in to the new 'utilities' repository
Next Meeting:
May 19th, 1500 UTC