2021-10-15

Shibboleth Developer's Meeting, 2021-10-15

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2021-11-05. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at GU, see ZoomGU for access info.

AGENDA

Attendees:

Brent

Daniel

Henri

  • JOIDC-21: Use token authentication for OIDC dynamic client registration (Closed)

    • The concept of metadata policy (related to RP registration) is getting more generic

      • First it was only related to registration access tokens, then also for restricting/filtering/defaulting incoming requested registration values in the dynamic registration configuration

      • Possibly also on the upcoming RP-feature for validating dynamic registration responses

    • OIDCfed spec draft also defines metadata policy (see 5.1): the same structure can be used

    • Phil’s metadata resolution work very useful, as metadata policies are JSON

Ian

  • Lots of stuff ancillary to the server move

  • Memory thing solved for now by addition of swap / trimming JDK heaps? Comparison with my machines:

cs-pi03

SWAP OK - 100% free (2047 MB out of 2047 MB) 

cs-uf01

SWAP OK - 100% free (10174 MB out of 10237 MB) 

cs-uf02

SWAP OK - 100% free (10200 MB out of 10237 MB) 

d10c

SWAP OK - 100% free (5074 MB out of 5117 MB) 

idm

SWAP OK - 96% free (4865 MB out of 5118 MB) 

orm

SWAP OK - 100% free (10163 MB out of 10238 MB) 

shib-core

SWAP OK - 90% free (3681 MB out of 4095 MB) 

srv-c701

SWAP OK - 96% free (9797 MB out of 10238 MB) 

John

  • Up to my eyeballs in project work at $OTHERJOB. Nothing to report.

Marvin

Phil (absent)

  • JCOMOIDC-23: Add OpenID Provider Configuration Document Resolver (Open) still

    • Updated the metadata cache to support the batch mode of operation as opposed to just the dynamic mode.

      • As before, dynamic supports individual entity read-through semantics, and batch supports read-ahead semantics for the entire cache.

    • Merged dev branch to oidc-common mainline so Henri can have a look - will work off main from this point.

    • Slow progress over the last few weeks.

Rod

Scott

  • Server move

  • Bug fixing

  • Starting on SP refresh

    • OpenSSL 3 requires a one-line Santuario fix and then hours of release work

Tom

  • Maven Central issues in order of priority:

    • GEN-299: Remove Nexus from public internet (Open)

      • Need to research options for distributionManagement repository URL when deploying artifacts, either SSH tunneling or SCP or ?

    • JPAR-193: Reduce public Maven repository lookups (Closed)

    • GEN-300: Stop uploading third party dependencies to Nexus (Open)

    • GEN-291: Research deploying artifacts to Maven Central (Open)

Other
