Shibboleth Developer's Meeting, 2019-08-02

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 16th. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

IDP-1472 - Getting issue details... STATUS

(Rod)
- Do we have a definitive list (of characters to bar)
- What to do about Transcoders (is their work to map bad characters)?
IDP-1181 - Getting issue details... STATUS

(Rod)
- See my summary
- Where do we want fast fail to end up?
Jetty version. This is still pinned to 9.2
- Empirically the CAS tests run ok with 9.3
- The testbed documentation Explicitly says 9.3 Does 9.4 work? Can this page be made formal?
- IDP-1304 - Getting issue details... STATUS

Brent

OSJ-187 - Getting issue details... STATUS

- Were there any additional requirements for this?
IDP-1461 - Getting issue details... STATUS

- Just a little left to do

Daniel

Henri

Ian

Marvin

Phil

10 days off, no progress.
Will continue or start
- : Deeper investigation and testing of the flow execution listener CSRF protection
- Add a test that checks the/a container does not allow session id’s in URLs when configured not to - as is the case in Jetty < 9.4.12.v20180830.

Rod

Do we care about reloading metadata providers at depth > 1 (this thread)
Installation
- Technologies? Our requirements are fixed, but there must be a better least worst technology
- Greater user control.

Scott

Tom