2021-05-07

Shibboleth Developer's Meeting, 2021-05-07

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-05-21; any reason to deviate from this?

60 to 90 minute call window.


Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.


AGENDA

  1. Release plans

Attendees:


Brent


Daniel


Henri

  • JOIDC-44 - Getting issue details... STATUS
    • Deep dive into the attribute registry & transcoders
  • JCOMOIDC-19 - Getting issue details... STATUS
    • In practise the Nimbus release-cycle means that if we need a bug-fix, it's always a minor update for us 
  • JOIDC-42 - Getting issue details... STATUS
    • About half is done with the latest Nimbus dependencies, I don't foresee issues

Ian


John

  • cpp-linbuild
    • Can generate manifests of RPM/SRPM products
    • Working on signaling first-level dependencies from Makefile to build script
    • Planning to use local repos to resolve second+ level dependencies
    • Overarching goal is to shift from per-component/per-platform build script to generic build script
    • Updated Amazon Linux 2 Docker image to latest (20210326)

Marvin


Phil

  • Minor plugin changes.
    • Jar sealing
    • DuoOIDC plugin updates to support the latest Duo WebSDKv4
    • Removed retrofit and okhttp from the IdP (java-parent) and added them to the DuoOIDC plugin package. Looking at releasing this as 1.1.0, but only after the next version of the IdP is released.
      • Any security issues for v 1.0.0 can go into a 1.0.x release. 
  • Some plugin download location and version testing
  • Started looking at PrivacyIdea
    • Pretty cool, most auth token mechanisms sit behind a three 'mode' API facade (as Scott previously mentioned). 
    • Have it set up and enrolling various security keys. Interested in the webauthn function - but there are plenty of auth token options.
      • Even with the facade, there are still some differences (client-side) for some of the methods.


Rod

Lots of minor changes for the next minor/major release.  Two open questions

  • IDP-1811 - Getting issue details... STATUS
    • Do we have the right to change the default behavior of the Attribute Resolver wrt Display Information(especially given that no-one will notice)?
    • This would allow us to actively deprecate & log as deprecated a lot of old methods which are there solely to support IdPAttributes carrying DIsplay Information.
  • IDP-1813 - Getting issue details... STATUS
    • There is an impedance mismatch between the CLIs (which use System.out.println) and much of the installers (which need to have the ability to log verbosely).
    • How to square the circle?

Scott

  • Atlassian Adventures – worst Disney ride ever
    • Jira hung during last update attempt
    • We do have an offer from Internet2 to migrate to a Data Center instance with SSO support
    • Made some progress spelunking the database and managing to rename accounts via SQL – my thought was to do this for all accounts with email addresses to rename them to the email address before a conversion to Cloud, but we'd have to orphan or dummy-associate all other issues and comments
    • Going to start with some trial Confluence migrations since the account issue is less acute
  • SSPCPP-926 - Getting issue details... STATUS
    • Successful experiment to replace XML serialization of IPC with  a text-based record-oriented syntax
    • Working all week on understanding the character encoding implications of using Java on the other end, extremely convoluted
    • Next steps:
      • Implement some form of this in Java
      • Built a prototype socket server on top of a Spring ApplicationContext
      • Start sketching out the service APIs needed for some of the functionality, particularly configuration file processing
  • Board requests for a skills matrix and an updated roadmap

Tom

  • GEN-286 - Getting issue details... STATUS  Status update, Scott ?
  • IDP-1632 - Getting issue details... STATUS  Tests pass
  • Are we ok with the Sauce Labs Terms of Service ?
    https://saucelabs.com/terms-of-service
    We have Open Sauce, which is free for open-source projects and allows us to test browsers.

Other