Shibboleth Developer's Meeting, 2022-12-16

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-01-06. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU instead of the usual. See http://shibboleth.net/pipermail/dev/2022-December/011047.html

AGENDA

Add items for discussion here

• (PS) TechEx takeaways - if people want.

  • FedCM (this stands for “F$$^& every damn commercial monopoly” as of now)

• 4.3 schedule, backlog

  • Feature freeze end of 2022, eye to ship mid Jan

• Board meeting summary

Attendees:

Brent

Daniel

• https://shibboleth.atlassian.net/browse/IDP-2035

  • Fix commit in v5, fix in flight for v4

• https://shibboleth.atlassian.net/browse/IDP-1950

  • Moving on to this issue next for v4

Henri

• • Signature validation mostly done: OAuth2Client (token/introspection/revocation) + request objects

  • Now working on signature signing, encryption and decryption

  • Flow tests need to be improved

Ian

• Java 20 is now in Rampdown Phase One, i.e. feature complete:

  • Mainly incubating features and previews.

  • Now -multi testing against this for both Java 11 and Java 17 stacks.

  • Still possible that virtual threads will be finalised for Java 21 LTS in September (second preview in Java 20).

• Baby’s first Java bug report:

  • Process was interesting.

John

Marvin

Phil

• TechEx

• Tightening up ID token validation in the RP.

• Next, going to improve the authentication request parameter encoder.

• Possibly release a 0.9.0 next week as a further prompt/call for testers

Rod

• Windows Installer stuff. Mostly the “dedicated account for Jetty” but also some usability and jetty ugrade work

• Starting on null stuff for V5 but prioritizing V4.3 stuff as it comes in

Scott

• • 4.3 work complete, no feedback on fields as of yet

• Upcoming advisory

Tom

nothing to report

Other