Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Version History

« Previous Version 11 Next »

Shibboleth Developer's Meeting, 2023-04-07

Call Administrivia

09:00 Central US / 10:00 Eastern US / 15:00 UK / 17:00 FI

Calls are normally the 1st and 3rd Fridays of each month. Next call would be Friday 2023-04-21. Any reason to deviate from this?

60 to 90 minute call window.

Call Details

This week's call will use the Zoom system at OSU, see http://shibboleth.net/pipermail/dev/2023-April/011076.html for conference details.

AGENDA

  • Ian Young : With separate -testing modules, can we consider nuking the -test JARs and their Javadoc?

  • Scott Cantor : Ratify decision to make NonnullElements implied default and use NullableElements annotation for exceptions? Should we consider NonnullAfterPreInvoke and NonnnullAfterPreExecute to clean up actions and handlers?

  • Tom Zeller : Bump Maven to 3.9.1 and Surefire plugin to 3.0.0 – sound ok ?

  • External request for discussion of the challenges of supporting FIDO

Attendees:

Brent

Daniel

Henri

  • JCOMOIDC-41 - Getting issue details... STATUS

    • The same complete JWT security tests are now used for testing request objects too - one more bug was found regarding the exclusion of decryption algorithms

    • The logic should be stable and well tested now

  • JOIDC-142 - Getting issue details... STATUS

    • OP now exploits the new OIDC.SSO profile options: useRequestObject, signRequestObject and encryptRequestObject

    • TODO: document the combinations

  • JOIDC-147 - Getting issue details... STATUS

  • For the next release:

Ian

  • As expected, JEP 444 (virtual threads) is now proposed for Java 21. Main change from previous previews is that all threads may now use thread-local variables; there were previously some exceptions to this.

John

Marvin

Phil

Rod

  • JSSH-25 - Getting issue details... STATUS

    • AbstractIdPModule.BasicModuleResource returns an InputStream from a ClassicHttpResponse which is then left dangling. Does it need attention?

Scott

  • IDP-2069 - Getting issue details... STATUS

    • Making way through more complex parts of OpenSAML, down to saml-impl now except for XACML modules

      • Should we excise the XACML code at some point?

    • Tightening “most” helper/support APIs to be nonnull at least on input

    • Tightening some inconsistent contracts with XMLObject layer:

      • All non-collections nullable

      • Typed and wildcard collections Nonnull Live (and NonnullElements)

      • The generic marshalling helper getOrderedChildren Nullable, NotLive (and NonnnullElements)

      • Not thrilled with Boolean approach (two layers of nullable objects) but not sure worth changing

        • Does have inconsistent “defaulting” behavior because a null XSBooleanValue leads to default but an empty XSBooleanValue leads to a null

Tom

  • Work on Tomcat tests

Other

  • No labels