Shibboleth Developer's Meeting, June 28, 2012

Attendees: Rod Widdowson, Ian Young, Scott Cantor, Jim Fox, Tom Zeller, Paul Hethmon, Nate Klingenstien, Daniel Fisher

Agenda

Infrastructure Update

Currently Migrated

LDAP, IdP, Nexus
nexus on new hostname

Weekend Outage Post-mortem

IdP and SVN became inaccessible
- Problem was bad OpenLDAP ACL

MX records disappeared
- bug in GoDaddy UI triggered by adding A records and adjusting TTL of MX records

Upcoming Migrations

IdP to new hostname
- all set up and metadata changed - just using a temp file for our SPs at the moment
- just waiting for A record change

Website
- Everything copied over and deployment script working
- Just waiting for A record change

Mailing list
- prelim work has been done
- just need to adjust mail configuration
- waiting to hear back from Scott L (Uni Edinburgh mail manager)
- need to think about anti-span setup - probably need to do this

Confluence
- alternative 1: move things as is and upgrade to 3.5
- alternative 2: upgrade to 4.1 - requires transitioning through some intermediate version
- looks like alternative 2 should work, we'll try that and check in in two weeks
- we're about at the EOL of 3.x release cycle
- 4.1 editor isn't nearly as bad as we feared
- new markup is based on xhtml - should help if we ever need to move off

Jira
- way behind on upgrades
- Jim may have plugin for latest Jira

OpenSAML Update

Brent on holiday until July 10th
Working on new SAML encoders and decoders
Basic functionality is complete
Some additional refactoring to make full use of the new APIs remains
Need to determine remaining set of work

IdP Update

v2.3.7

completed and staged
Rod generating MSI tomorrow or Saturday
Will be announced on Monday

Async SLO

SLO protocol extension that indicates the IdP doesn't need to respond to the SP
Guarantees the IdP owns the UI and provides more freedom in processing the SLO request
Work started in OASIS, should have a draft spec by next SSTC meeting in two weeks
Extension for IdP v2 to that only destroys the IdP session
- see how much work it would be to fire off back-channel request

v3

Chad: hashing through authentication APIs, main focus on method selection
Tom: getting up to speed on web flow
Tom: working on project module that will generate the IdP WAR file

SP Update

Work Left on 2.5

Work is mostly complete and people have been testing the installer
Installer seems to be in good shape - updating seems to work as well
- no upgrade support from existing SPs - will just require an uninstall and new install
- we think we can release patches for dependencies as well (e.g., openssl)

Option Items:
- Async SLO support
- Something in the metadata generator to populate algorithm strings
  - existing runtime algo selection support in the SP should make this relatively easy
- Close out some existing bugs after more testing

Release
- another beta in two weeks
- need to release update of Santaurio library
- final release at end of July

Red Hat 5 is going to be supported until 2017: implications?

some libraries are already really old and contain bugs (e.g., libcurl DNS caching bug)
Scott uncomfortable depending on these older libs - we have ability to override libs with new releases
SP 2.5 might use new libs - Scott will raise this on the dev list

Project Roadmap

Additional items

nexus PGP signature checking plugin
Jira remote user authentication plugin
Tiqr Review
Rescope MDA 1.0 to exclude web service interface
Committers should send any additional items to the committers list so we can get them on the roadmap

Prioritization

no guidance from existing board
new board in place in August so we should be prepared to offer our opinion at the first meeting
some problem in translating Internet2 assumptions to statements to the board
major concerns about time we're spending on the infrastructure
need to have a better plan for IdPv3 especially expected release timeframe
Scott will send a note to the committers list outlining what information he needs to prepare a proposal to the new board

Connection Information

Time: 15:30 UTC

Meeting ID: 534-352-638

Web URL: https://www3.gotomeeting.com/join/534352638

Dial-in Phone Numbers
Australia: +61 2 8355 1040
Austria: +43 (0) 7 2088 1400
Belgium: +32 (0) 92 98 0592
Canada: +1 (416) 900-1165
Denmark: +45 (0) 69 91 88 62
Finland: +358 (0) 942 41 5778
France: +33 (0) 182 880 456
Germany: +49 (0) 811 8899 6975
Ireland: +353 (0) 14 845 976
Italy: +39 0 247 92 12 39
Netherlands: +31 (0) 208 080 379
New Zealand: +64 (0) 4 974 7215
Norway: +47 21 03 58 96
Spain: +34 911 82 9782
Sweden: +46 (0) 313 613 558
Switzerland: +41 (0) 225 3314 51
United Kingdom: +44 (0) 203 535 0621
United States: +1 (786) 358-5410