2021-04-16
Shibboleth Developer's Meeting, 2021-04-16
Call Administrivia
09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI
Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-05-07. Any reason to deviate from this?
60 to 90 minute call window.
This week's call will use the Zoom system at GU, see ZoomGU for access info.
AGENDA
- Vulnerability statements on SecurityAdvisories page?
- Atlassianopalypse
- SP 3 Design Notes
Attendees:
Brent
- Nothing to report.
Daniel
Henri
-
-
JOIDC-42Getting issue details...
STATUS
- The only failing test (before 3.0) now succeeds after updating Nimbus oauth2-oidc-sdk to 9.2.4
- The dependency is managed by java-oidc-common (currently 9.1)
- Next topic?
Ian
- Dependencies for 4.1.1?
John
- cpp-linbuild
- Continue to try to bend Docker to my will for the purposes of having non-awful "clean" targets
- Starting to factor version out of spec files to facilitate pre-release test builds
Marvin
Phil
- Took some leave - so nothing concrete for a while.
- Have been looking into webauthn using my CTAP2/FIDO2 authenticator for passwordless auth for some of my other services.
- Lots to process, registration and authn ceremonies, CTAP1 v CTAP2, FIDO Metadata Services, different libraries (Yubico and Duo to name a few) etc.
- Bit out there, not sure if there is anything useful to contribute back Shib side that people do not already know - happy to if desired.
- Need to update my Duo plugin to include the latest Duo SDK which allows flipping duo_code back to code (and some other cosmetics).
- Should I follow a release process for the plugin e.g. change, snapshot testing for X period, release, then announce somewhere? apologies if I should know this.
- Updated the archetype from some suggestions from Rod.
Rod
- - IDP-1597Getting issue details... STATUS
- Deferrable discussion: Explicit use of a
Supplier<HttpReXXX>
rather than the bare type across the IdP - IDP-1793Getting issue details... STATUS - Deferrable discussion: Currently assuming that we are keeping new function in feature branches, Can we decide on a process for documentation of new function.? This would allow us to move cases to "Complete"?
Scott
- Bug follow up
- Windows SP update
- Testing out SP build scripts
- Shower thoughts on SP
- Atlassian Cloud
Tom
- integration tests
Other