Shibboleth Developer's Meeting, Apr 18, 2014

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Next call is next Friday. Any reason not to meet ?

60 to 90 minute call window.

Brent

Daniel

Ian

Rod

• Parsing Security.  Metadata parsing complete.  I'll see about building the RP service and Metadata service next
• Issues - arising from offline discussions with Brent
  • Use of Cryptacular and EOL of support code
  • Centralized KeyInfoProviders
• Documentation.  
  • A lot of this configuration has no documentation on the wiki.  
  • We are making changes
  • Now feels like a better time to get this documented than later?

Scott

• Package renaming for impl-related code
  • one diff is OpenSAML uses "common" convention for cross-version code, IdP doesn't have as much of that so I didn't copy that
• Refactored to remove ProfileException and sync up MessageHandler and ProfileAction
  
  • Would still advocate we look at removing ID requirement from these
• Progress on general error handling
  • end-state maps to a view to end flows, can't populate data into view-scope, used request scope
  • catch-all error handling at the MVC layer also "works" at initial glance
  • raised MessageHandler issue on list, tentatively planning to convert profile-specific chains into subflows
• Java 8 XML parser settings issue, semi-resolved by using LSResourceResolver as our maginot line
  • think we should move AuthnContext schemas to an add-on to default schema build, not used by metadata validation

Tom

• OSJ-69 Remove OWASP ESAPI from stack
  • Request review of HTMLEncoder
• INFRA-99 How to upload validated artifacts to Nexus
  • Request review of DRAFT instructions
  • Next : Commit simple Selenium tests in prep for uApprove v3
• Outage
• Infra upgrades ... Sunday night ?
• Talk about Spring Boot co-ord with AMAAIS ?
• Ian
  • Should I still add SVNKit dependency to Nexus once the procedure is acceptable ?
  • Did you have a chance to test SWF 2.4.0RC1 ? (assume not due to Heartbleed)

Other