2021-03-05

Owned by Ian Young
Last updated: Jul 29, 2021
2 min read

Shibboleth Developer's Meeting, 2021-03-05

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-03-19. Any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  • Shibboleth UI / V4.1 (Mike Grady)
  • Unrelated to the new way of updating PGP_KEYS we have the question of how to sync its contents into projects which carry a copy around, e.g., IdP plugins?
  • PGP_KEYS: retiring old / less secure ones to an "OLD" key file?
  • Freeze for non-showstopper code on 3/12
    • Hope Spring 5.3 patch is out the week of 3/15
    • Release the week of 3/22

Attendees:


Brent

  • OSJ-82 - Getting issue details... STATUS
    • Done! Yay.
    • Long story short: The W3C xmlsec group shutdown in Dec 2016, so no-go on the mail list.  No new people can join.  But I'm certain that in the code we should allow both direct data encryption and key wrap.  If we want to force wrap at some point, we can do in config.
    • Since I did the interfaces to support both algos, I'm now also 99.5% done with implementing classic Diffie-Hellman. One pesky issue with DHKeyValue which I think is either a conceptual mistake in the spec or a serious oversight in Java.
  • OSJ-328 - Getting issue details... STATUS
    • Unless/until Scott's testing shows it's not fixed, then I don't know what else we can do here, pending more real world testing.
  • OSJ-332 - Getting issue details... STATUS
    • Recently noticed somebody marked this as fixVersion = 4.1.0.  Not me, and based on his comments probably not Scott... The OP?  Do we even want to do this?
  • Are people using any local config in Eclipse to warn on fatal Javadocs errors?  If there is a config that makes sense, should we consider putting that in as .settings as per-project config?


Daniel

  • Nothing for today.

Henri

  • Testing, minor fixes and Alpha releases for the OP plugin
  • JOIDC-42 - Getting issue details... STATUS
    • Progressing well: some minor improvements needed to make test suite happier: e.g. (back-channel) error message contents

Ian

  • IDP-1761 - Getting issue details... STATUS
  • GEN-276 - Getting issue details... STATUS
  • Consequent on GEN-276, inventorying keys and thinking about improvements.

John

  • cpp-linbuild:
    • enabled Docker image rebuild upon build script changes
    • factored RPM macros out of Dockerfiles
    • working on implementing "clean" targets

Marvin


Phil

  • Sorted my PGP key. Thanks to Ian for all the help.
  • JDUO-31 - Getting issue details... STATUS
  • JDUO-34 - Getting issue details... STATUS  improve field/state guarding for shared classes.
  • Released 0.9.1 of the Duo plugin, and 0.0.3 of the oidc-common plugin.


Rod

  • Nothing of note (a couple of installer fires)


Scott

  • SSPCPP-911 - Getting issue details... STATUS
  • IDP-1756 - Getting issue details... STATUS
  • Finished first round of OIDC docs
  • Started testing with mod_auth_oidc
  • JOIDC-36 - Getting issue details... STATUS

Tom

  • nothing really, clearing space to dig into testing

Other