Notes: idpy developers call, 13 November 2018
by hlflanagan@sphericalcowgroup.com
Attending: Heather, Ivan, Roland, Jonas L., Davide
Regrets: Scott, Martin, Christos
0. Agenda bash
1. Governance update
Board has the kickoff call today.
2. idpy developers meeting @ TIIME
- agenda building
Handling of micro services (Satosa)
Handling logging, esp. with plugins (Satosa)
Handling of XML (pySAML2)
Action: Heather to ask Rainer about having a side meeting
3. PR review
- Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA)
Ivan has been working on changing the internal hashing mechanisms; it is
all backward compatible but you will get deprecation warnings (PR 196).
Now have a new micro service called “hasher”.
Also worked on OIDC frontend/backend and using self-signed certificates.
(PR 197)
eduTEAMS now only has one commit difference from the main branch. (PR 182)
Ivan will be working on that soon so that eduTEAMS can be using the main
Satosa repository.
A new Satosa version will be released tomorrow; big change log.
- pySAML2 (https://github.com/IdentityPython/pysaml2)
Johan had two PRs regarding Unicode attribute values that needed to be
either encrypted or signed. There may be some refactoring of this in the
future.
Ivan is now working on PR 396, related to having the ability to specify
which signature or digest method you want to use (right now you can only
do that via the configuration file).
Martin has a new PR (556) around the internal attribute conversion
between names and friendly names. Ivan agrees with those changes and
will be merging soon.
Scott has added tests to PR 485. Ivan will be merging this soon and
cutting a release.
Some new issues have been reported. 555 suggests that we put every name
in the root namespace, but that doesn’t quite work in real life.
XML and XML operations - Ivan had proposed we use a separate module to
handle XML operations, which would also allow us to switch XML back ends.
- pyFF (https://github.com/IdentityPython/pyFF)
Leif will be working on separating this code into more discrete
components (e.g., discovery will become separate).
- Governance docs (https://github.com/IdentityPython/Governance)
4. AOB
OIDC federations - would like to run pilots soon. There is a Python
implementation, but that’s it. Would like to have Satosa be able to
handle OIDC federations. If there is a priority list of what will be
done soon, Roland would like to see OIDC federations high up on that
list. Roland has running flask instances for the RP and OP; it should be
fairly straightforward to do something. Not sure about the interface
between the front end and Satosa itself. Ivan would like to see this
too, though it hasn’t been prioritized yet. Note that Davide is also
interested in this effort. Suggest Roland and Ivan have a separate call
next week to discuss further.
Another project is underway within AARC that will depend on Satosa:
Evaluating assurance. Expect additional PRs related to this effort.