2013-03-15
Shibboleth Developer's Meeting, March 15, 2013
Attendees: Scott, Ian, Rod, Brent, Tom, Daniel
Maven Snapshot Behavior
Do undated snapshots trump dated snapshots? Getting mixed up builds due to local builds vs. Nexus snapshots. Brent thinks it may be a Maven option we could set, or might be a POM thing. Meantime, beware if you have build issues, try cleaning the repo out.
This looks ugly (Scott ed. note). Will need to figure this out.
Call Administrivia
Agreement to keep this as a standing call. Tom will have touch bases with other V3 devs as well.
V3 Discussion
Tom's been working on Spring wiring, sent a note asking for feedback on approach to porting V2 wiring. Can we just port stuff over with little refactoring?
Scott: seems necessary to me, not much hope of drastic improvement of existing components.
Tom: also concerned about people with existing extensions
Tom: Rod/Daniel, interest in helping with wiring? Both agree. Scott will take a stab at the porting of the AACLI command line shell itself.
Any needs/feedback from Daniel/Rod?
Daniel: checked in minor change to add a Validator interface for LDAP connector, will reuse for RDBMS connector. Feel free to rename classes to match naming conventions. I lean toward shorter names these days. Validators currently public inner classes, thinks it will be hard to do a robust validator without class access. Scott should review for fail-fast override capability.
Daniel: found a lot of test scaffolding for the RDBMS connector, expect to check in something in a day or two. Where to next?
Tom: thinking we should talk about the Spring wiring for the connectors, trying to lose the factory beans. Will talk by early next week.
Active Directory testing? Could use Penn State host, but could be firewall issues depending on what we need. Worth asking the community for ongoing test instance(s)? Tom will chew over and send something out.
Rod: Filter code mostly done, expecting to finish with test coverage by middle of next week. Want to move on to scripting environment for V2 compatibility. Also need to do some docs on this for the alpha release.
Scott: Wondering if we really can't just include the edu.internet2 classes and post-process them on the way out?
Rod: Maybe, need to see how it all looks in the code
Side discussions of git usage, and how we might decide on including third party code with the V3 release.
V2 Discussion
Brent: Hostname fix seemed to be pretty easy, not sure about testing things.
Daniel: Have some tests, ugly ones, to verify some of the JSSE behavior.
Brent: Problem was I found a really bad problem with the socket factory being set globally for a scheme like https. Was looking at maybe subclassing the HttpClient to override things, but nothing's documented. Will determine this today hopefully.
Scott: scope of issue affects current IdP, and just affects metadata and configuration resource loading, we'll have to balance work with impact of the issue.
Brent: could maybe move to HttpClient v4, but that could impact some of our APIs. General consensus this is probably not realistic.
Scott: Completed some testing of Velocity changes, looks like it's working. Also added Unicon's patches for NotBefore omission, and SAML binding template changes to allow injection of content by deployer. Tag lib change tested by Lukas.
Left to do: possibly update Santuario to 1.5.4 just voted out today. More testing. Login page changes from Unicon. Final fix for hostname / HttpClient issues. Also possible change to fix NodeList issue.
Scott: forgot about NodeList bug, will work on this. Some question as to how wise it is to try and fix when the IdP seems unaffected by it, will report back.
Project Administrivia
Scott: board meeting mostly focused on finishing charter and related documents. Provided developer approved rules for committer membership back for inclusion. Next board meeting is early April, and a face to face at the Spring I2MM.
Schedule for Spring is Sunday 12-3 and Monday 8-12, Board meets Sunday 3-6. Likely just Scott/Brent, possibly Daniel, to help review message context work or anything else worth banging on.