2016-05-06

Shibboleth Developer's Meeting, 2016-05-06

Call Administrivia

10:00 Central US / 11:00 Eastern US / 16:00 UK

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2016-05-20. Any reason to deviate from this?

60 to 90 minute call window.

 

Call Details

This week's call will use the Lync system at OSU. To participate, call:

  • +1 (614) 688-1800 (please use if possible)
  • +1 (800) 678-6114 (use only if you're charged for the 614 number)

The Conference ID is: 738127#

International participants should be able to access the 800 number without charge through Skype.

AGENDA

  1. Jetty 9.2 EOL

Attendees:

Brent, Daniel, Ian, Marvin, Rod, Scott, Tom, Misagh

 

Brent

 

Daniel

Adventures in publishing 3rd party snapshot jars to the Nexus repository. Current process is to ping Tom when an update is needed.

 

Ian

 

Marvin

  • Resolved IDP-949
  • Suggest we document Webflow inheritance somewhere. I keep getting tripped up by it.

Rod

SP - VC14 (VS2015, just to confuse) conversion. Almost done modulo the bits that aren't.

IdP - Some maintenance

EDS - Time to consider running the snapshot on shibboleth.net? EDS-71

I probably need help with prioritization.

Scott

Worked on a lot of development and extension documentation related to custom flows of various types, did some refactoring of flow responsibilities as I identified problems with the development model.

Note: re-did the message properties as suggested by community with all the built-in values moved into system/

MFA work sort of parked so I'm not splitting my brain, but the trendline on it was in a discomfortingly "reinvent Spring WebFlow" direction FWIW.

SP advisory issued, not much reaction as of yet, but no pushback on the plan either. The security issue in JIRA was opened up since the issue is fully disclosed anyway.

Started work on SP enhancements and fixes scheduled for 2.6, slow going while I re-learn C++.

No word on either my proposed Xerces fixes or from the expected fuzzing on xmlsec. Think we should consider allocating time to build and run SP with Google's address sanitizing library built in to RH7. My expectation is the results will be very, very bad. Will be very time consuming.

Grant SoW proposal sent to Stina, no feedback as of yet.

Data point: 32-bit JVM is now unable to reload InCommon metadata when running fully loaded with that metadata plus a few local sources that are a few megs in size and under some load. Guessing more sites may be hitting that soon.

Tom

Other