October 2018 - Idpy-discuss

Agenda: idpy developers call, 30 October 2018

by hlflanagan＠sphericalcowgroup.com

Date: Tuesday, 30 October 2018 Time: 13:00 UTC (note time zone changes!) https://bluejeans.com/655841213 Agenda: 0. Agenda bash 1. Governance update 2. PR review - Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA) - pySAML (https://github.com/IdentityPython/pysaml2) - pyFF (https://github.com/IdentityPython/pyFF) - Governance docs (https://github.com/IdentityPython/Governance) 3. AOB

5 years, 5 months

5
5
0 0

IdPy @TIIME

by niels.vandijk＠surfnet.nl

Hi all, will/should we be convening an IdPy meeting at TIIME 2019? Best, Niels -- Niels van Dijk Technical Product Manager Trust & Security Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5 SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands www.surfnet.nl www.openconext.org

5 years, 5 months

3
3
0 0

Notes: idpy developers meeting, 16 October 2018

by ivan.kanak＠gmail.com

Hey all, we were supposed to have the regular idpy-call today, but none showed up. We didn't send out an agenda but the meeting should happen nonetheless. So, I though I'd give everyone an update since the last call. ## Governance We finally have a governance board, consisting of 7 people. First task is to determin whether we'll go the route of requiring a CLA or CCLA for the code submitted to idpy. https://lists.sunet.se/pipermail/idpy-discuss/2018-October/000292.html Governance docs: https://github.com/IdentityPython/Governance ## pyXMLSecurity - The p11_test suite needs to find the appropriate paths for some components. The paths are not standard, but depend on where each distribution places the needed files per its package-management policy. As we cannot guarantee the location of the files on every system, the paths are made configurable through env-vars. https://github.com/IdentityPython/pyXMLSecurity/pull/52 - Travis skips p11_test suite because not all components are being installed. Getting all components in place is not enough, as travis runs an Ubuntu version (Trusty/14.04) that does not package softhsm2/libsofthsm2. Until travis updates the test environment with a newer ubuntu version, the tests will fail. This will be put aside until there is an update from travis-ci. https://github.com/IdentityPython/pyXMLSecurity/pull/53 ## pysaml2 - Another issue showed up on pyXMLSecurity that is really a problem with pysaml2. I've documented the problems on the issue. What it boils down to is that C14N does not canonicalize namespace-prefixes and they become an important part of the resulting signature. Any modification of the namespaces will cast the signature invalid. On the other hand, the xml-namspace spec says that prefixes are non-important and apps should not depend on them. The builtin xml parser for python does not preserve namespace prefixes. This results in cases where signatures fail to be verified (when the document is exactly the same except for the namespace-prefixes). Do read the issue, and the linked paper, if you're interested in learning more. https://github.com/IdentityPython/pyXMLSecurity/issues/55 https://github.com/IdentityPython/pysaml2/issues/551 - The pull request by Martin has been merged (thanks!), and it's the first in series of commits I'd like to do, that stops pysaml2 from mapping attribute names to attribute friendly-names (or vice versa). Attribute friendly names should be preserved when given, but only attribute-names should be used to identify attributes. Friendly names should not appear where not requested - they are optional and inconsequential. https://github.com/IdentityPython/pysaml2/pull/548 More info: https://github.com/IdentityPython/pysaml2/issues/549 - Branching from above, there was a discussion around how configuration management and deployment works. https://lists.sunet.se/pipermail/idpy-discuss/2018-October/000290.html - Support for encrypting attribute values encoded in unicode landed by Johan (thanks!). This PR reveals inconsistencies between the callers of certain functions. I think the arguments types are one of the greatest sources of pain in pysaml2. There way too many functions that just accept args or kwargs and until you go deep in the stack you cannot know whether there is something of value passed through those. Then there are arguments that can be of two or more types which lead to many checks and divergence in the code that handles them. I would really like to get rid of all *args and **kwargs arguments and convert them to named arguments. That would reveal whether there is a way to improve the interfaces without breaking the existing code (I am not very optimistic about that.) https://github.com/IdentityPython/pysaml2/pull/550 - Finally there is a new request to allow '--id-attr' option that is passed to xmlsec1 to have multiple values. This seems like a reasonable request and should be easy to implement. https://github.com/IdentityPython/pysaml2/issues/552 ## Satosa - Last time we talked about removing the hashing behaviour that satosa enforces, unconditionally. Work has been done on the refactor-internal-hashing branch: https://github.com/c00kiemon5ter/SATOSA/tree/refactor-interal-hashing This change touches many things that we did not consider initially, like the internal data representation, and configuration options like 'hash'-attributes. I already have a micro-service to replace the previous behaviour while making the process a lot more flexible. It will be on that branch soon. That's all for now. If you have feedback, or want to add more information on any of those topics, I encourage you to do so. Either here, or at the appropriate issue/conversation on github. Cheers, -- Ivan c00kiemon5ter Kanakarakis >:3

5 years, 6 months

2
1
0 0

Identity Python Board of Directors

by hlflanagan＠sphericalcowgroup.com

Hola a todos! There were no objections to the initial board slate, nor to adding two more seats to the board. As of today, the list of nominations are: * idpy chair for 12 months = Ivan Kanakarakis * at-large for 12 months = Roland Hedberg (independent) * at-large for 24 months = Heather Flanagan (SCG) * regular board member for 12 months = Mike Jones (as a link to the OpenID Foundation) * regular board member for 12 months = Chris Whalen (NIAID, as a representative of the research community) * regular board member for 24 months = Christos Kanellopoulos (GEANT) * regular board member for 24 months = Leif Johansson (SUNET) The draft statues (https://github.com/IdentityPython/Governance) have been updated to include the additional seats, and a final copy will be approved by the board when it is seated. Also on the early agenda for the board: determining whether or not we'll go the route of requiring a CLA or CCLA for the code submitted to idpy. If anyone has any questions, comments, or concerns, please let me know by the end of this week. Thanks! Heather

5 years, 6 months

1
1
0 0

pysaml FriendlyName merge and pip

by martin＠surfnet.nl

Hi, I just redeployed our satosa setup after rebasing our fork to upstream, so that setup.py pointed to pysaml2 without any version restriction and expected my PR to be reflected in the virtualenv site-packages for saml2 egg. But the attribute_converter.py file still tries to get the name from friendly_name? pysaml2 seems to be 4.5.0, looking at the dist-info directory. How long does it generaly take for merged PR's to be available for pip install? Does this require a release and if so, when will this happen? Best regards, Martin

5 years, 6 months

2
5
0 0

Agenda: idpy developers meeting, 1 October 2018

by hlflanagan＠sphericalcowgroup.com

Date: Tuesday, 2 October 2018 Time: 13:00 UTC https://bluejeans.com/655841213 Agenda: 0. Agenda bash 1. Governance and nominations: what does that mean / how we move forward (e.g., with CLA and other CommonsConservancy) / etc - Expanding the board by 2 - Timing 2. PR review - Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA) - pySAML (https://github.com/IdentityPython/pysaml2) - pyFF (https://github.com/IdentityPython/pyFF) - Governance docs (https://github.com/IdentityPython/Governance) 3. AOB

5 years, 6 months

3
3
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Idpy-discuss October 2018