March 2019 - Idpy-discuss - lists3.sunet.se

Notes: idpy Developers call, 19 March 2019

by hlflanagan＠sphericalcowgroup.com

Attendees: Ivan, Roland, Heather, Paul Regrets: Scott Agenda: 0. Agenda bash 1. Governance and Note Well (update) - Commons Conservancy - Draft Note Well (https://github.com/IdentityPython/Governance <https://github.com/IdentityPython/Governance>) Heather has been talking to Commons Conservancy about the details of bringing idpy under their umbrella (something the Board voted forward on our last meeting). Heather is also working on updating the Note Well to include language requiring respect for other organizations IPR regimes. While OIDF is the current target for that, the language is being kept fairly general to allow for partnerships with other organizations in the future. 2. PR review - Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA <https://github.com/IdentityPython/SATOSA>) - pySAML2 (https://github.com/IdentityPython/pysaml2 <https://github.com/IdentityPython/pysaml2>) - pyFF (https://github.com/IdentityPython/pyFF <https://github.com/IdentityPython/pyFF>) - Others as needed Ivan has still been primarily focused on eduTEAMS. Is particularly interested in spending more time on pySAML2. Has spent some time on the logout code. We broke the logout flow when the request is signed. After that’s fixed, will continue to work on introducing new options for algorithms to use when signing responses.This will impact both Satosa and pySAML2. (See notes from last call) Hoping to have new Satosa and pySAML2 releases this week. eduTEAMS is also working on how OIDC federations will work, which potentially has impact on some of the idpy code. Specific issues being dealt with now: https://github.com/IdentityPython/pysaml2/issues/595 <https://github.com/IdentityPython/pysaml2/issues/595> https://github.com/IdentityPython/pysaml2/issues/594 <https://github.com/IdentityPython/pysaml2/issues/594> https://github.com/IdentityPython/pysaml2/issues/592 <https://github.com/IdentityPython/pysaml2/issues/592> https://github.com/IdentityPython/pysaml2/issues/579 <https://github.com/IdentityPython/pysaml2/issues/579> Also https://github.com/IdentityPython/SATOSA/pull/207 <https://github.com/IdentityPython/SATOSA/pull/207> https://github.com/IdentityPython/SATOSA/pull/206 <https://github.com/IdentityPython/SATOSA/pull/206> 3. AOB Scott Cantor has sent a request for letters of support re: some old SAML specifications, in order to bring them to full standard. See the REFEDS thread: https://lists.refeds.org/sympa/arc/refeds/2019-03/msg00019.html <https://lists.refeds.org/sympa/arc/refeds/2019-03/msg00019.html> OIDF: still working to find funds to maintain the JWTconnect libraries. May be getting close, but nothing signed. There is a conference signed in Munich in May (KuppingerCole’s Cloud Identity conference) where the developers will meet, along with the OIDF Board.

5 years, 1 month

1
0
0 0

Reminder & Agenda: idpy Developers call, 19 March 2019

by hlflanagan＠sphericalcowgroup.com

** Timezones are still off-kilter due to daylight saving time discrepancies between the US and the rest of the world. Check your calendars! ** Date: Tuesday, 19 March 2019 Time: 13:00 UTC (06:00 UTC-7 | 09:00 UTC-4 | 14:00 UTC+1) BlueJeans link: https://bluejeans.com/725043362 <https://bluejeans.com/725043362> Phone Dial-in +1.408.740.7256 (US (San Jose)) +1.888.240.2560 (US Toll Free) +1.408.317.9253 (US (Primary, San Jose)) Global Numbers: http://bluejeans.com/numbers Meeting ID: 725 043 362 Room System 199.48.152.152 or bjn.vc Meeting ID: 725 043 362 Agenda: 0. Agenda bash 1. Governance and Note Well (update) - Commons Conservancy - Draft Note Well (https://github.com/IdentityPython/Governance <https://github.com/IdentityPython/Governance>) 2. PR review - Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA <https://github.com/IdentityPython/SATOSA>) - pySAML2 (https://github.com/IdentityPython/pysaml2 <https://github.com/IdentityPython/pysaml2>) - pyFF (https://github.com/IdentityPython/pyFF <https://github.com/IdentityPython/pyFF>) - Others as needed 3. AOB

5 years, 1 month

1
0
0 0

Notes: idpy Developers Call, 12 March 2019

by hlflanagan＠sphericalcowgroup.com

Attending: Johan, Heather, Ivan, Rainer Project updates Not much on the public repos. There has been quite a bit of work on eduTEAMS, which has a lot to do with microservices and how they use Satosa. Also has impact on the OIDC libraries. Did do a fix for an issue Scott had with regards to how XMLsec errors were handled. First fix sent the code into an endless loop (oops) but latest patches should be fine. This patch will generate a new release, based on the new way we have agreed to generate releases. Release process We will cut a new release and it will be tagged with a branch. Community maintainers will work in the branch space, and core developers will work on the master branch. Latest release for pySAML is 4.6.5. Ivan will cut a new release (4.6.6) and then that branch will be incremented by the community maintainers (4.6.6.1 for first change). Alternatively, Ivan could cut a 4.7 release, and community maintainers would maintain the minor release numbers only. This seems to make more sense; Ivan will do this. Description of the release process text is copied in each repo. Heather to update it and pull that back into one location so that we only have to change it in one place. Next on the list for Ivan: Satosa and pySAML2 Fixing redirect binding and some options set in Satosa but which are configured in pySAML2 (how we handle sign_assertion, sign_response, sign_alg, digest_alg). This is the same issue we’ve been talking to Martin about; this impacts eduTEAMS, SURF, and others. Ivan will cut another release later this week with the fixes for above included. (This will be edition to the release today that fixes xmlsec) Another issue: https://github.com/IdentityPython/pysaml2/issues/592 <https://github.com/IdentityPython/pysaml2/issues/592> do not properly check the certificate as a result of some of the configuration options. Will be changing the default values to require this checking; that may break some existing implementations. Ivan will be investigating further. This more a misconfiguration than a security issue. Reminder: we’ll have another call in a week; Daylight Saving Time skew will still be a problem so check your calendars!

5 years, 1 month

3
2
0 0

Calendar invitation for an off-cycle call: idpy Developers call (off week)

by hlflanagan＠sphericalcowgroup.com

Hola a todos! Since we had to cancel the call this week, let’s aim for a call this coming Tuesday. Please note that we’re entering in that time where Daylight Saving Time varies between much of the US and Europe, so this may not be at quite the usual time for all participants! idpy Developers call (off week) Scheduled: Mar 12, 2019 at 6:00 AM to 7:00 AM To join the Meeting: https://bluejeans.com/679462931 To join via Room System: Video Conferencing System: bjn.vc -or-199.48.152.152 Meeting ID : 679462931 To join via phone : 1) Dial: +1.408.740.7256 (US (San Jose)) +1.888.240.2560 (US Toll Free) +1.408.317.9253 (US (Primary, San Jose)) (see all numbers - http://bluejeans.com/numbers) 2) Enter Conference ID : 679462931

5 years, 1 month

1
1
0 0

Open source business models and sustainability

by ivan.kanak＠gmail.com

Hello everyone, The TIIME meeting kickstarted some very interesting discussions. One of the topics on the "Open Source Identity and Access Management " track was "Open Source Business models and cooperations for IAM". I was there on part of the discussions that started the 2nd day and expanded over the next days. The topic is dense and while it was directed to the domain of IAM, I think that comes later in the picture, after we've discussed and agreed how Open Source works, why it is important for us and technology, and how one can benefit from (using or investing in) it. Being upfront and clear on why we support Open Source is key to understanding how Open Source can support us. Trying to not repeat what others have said better and before me, I will stay short, and I'll leave you with references to people, conferences and organizations that are dedicated to this, to analyze in detail the different aspects of the subject. IMHO, there are two things that prevent us from reasoning how we can benefit (financially among other forms of "benefit") from Open Source: 1. the fact that when we talk about Open Source, we usually think about software, 2. and, that we don't talk about what we mean with terms like "success" and "sustainability" (1) But, software is about people: We build and create software to make certain aspects of people's life easier; it is always about adding value to other people. Open Source empowers the users to take part on the decisions made for the evolution of the software. This is the big differentiator between closed-source and open-source projects. Closed-source projects have users, while open-source projects have communities. The foundation on top of which a successful open source project builds, is not the service or product, it is the community. In closed-source companies, what has value is either the product, or the (almost always, private) data that the product has collected. In open-source companies the value is not on the product itself, but on the relations between the company and the users. The investment should be in maintaining this relationship, building trust, while the product evolves both from the core-dev team and the community, with respect to the community. Now, this is a hard goal. People are difficult, and in the modern world even more. Competition is high, deals will almost always benefit the closed-source companies and the risk of working in the open is higher, precisely because control is not in your hands. However, it is not impossible. There are many organizations out there, big (some very big) and small, that have succeeded. And this is where (2) comes in. Taking into account (1), expectations must be adjusted to the difficulties of the reality of Open Source. It is not about marketing and selling the product anymore; it is about managing communities and continuously delivering value. It takes time and effort to create a robust, high quality codebase and userbase, it takes time and effort to convince people you are serious about what you do, and it takes time and effort to create and maintain relations (not just deals.) Time is a very important factor, because it is a limiting factor that you cannot avoid. It has direct implications on the scale an Open Source business can have. It is unreasonable to compare Open Source companies to companies like Microsoft, Google, Facebook, Amazon or any other giant out there (not just because of the different business models, but also because a big part of the value comes from the data collection as well as the data control these companies can exercise.) So, we must define what "benefit" and "success" mean in the context of an Open Source business. What is a healthy growth rate, and what indicators do we use to measure it? I won't go more into this, as this email is getting bigger than the small paragraph I had in mind when I started writing. I'll close with some links to related content: The economics of software by Bryan Cantrill (CTO of Joyent) http://dtrace.org/blogs/bmc/2004/08/28/the-economics-of-software/ http://dtrace.org/blogs/bmc/2004/12/16/the-economics-of-software-redux/ Sustain (un)conference - an event about the sustainability of open source projects https://sustainoss.org/about/ https://github.com/sustainers The community-compact - a social contract for open-source businesses and communities by Adam Jacob (CTO of Chef) https://medium.com/@adamhjk/introducing-the-community-compact-431c61ab978f https://github.com/adamhjk/community-compact Sustainable Free and Open Source Communities (SFOSC) - a project and book (in the making) about building healthy, sustainable open source communities and businesses - guiding principles, business model definitions and social contracts (like the community-compact above.) https://medium.com/sustainable-free-and-open-source-communities/we-need-sus… https://sfosc.org https://github.com/sfosc Finally, some notes on the recent discussions on some open-source projects re-licensing as a way to make money (see Redis, MongoDB, CockroachDB, etc): The tragedy of the commons clause https://redmonk.com/sogrady/2018/09/10/tragedy-of-the-commons-clause/ Open source confronts its midlife crisis http://dtrace.org/blogs/bmc/2018/12/14/open-source-confronts-its-midlife-cr… A EULA in FOSS clothing? http://dtrace.org/blogs/bmc/2018/12/16/a-eula-in-foss-clothing/ Cheers, -- Ivan c00kiemon5ter Kanakarakis >:3

5 years, 1 month

2
1
0 0

Call rescheduled to next week

by hlflanagan＠sphericalcowgroup.com

Hola a todos! Too many folks are wrapped up at the I2 meeting this week, so we’re going to reschedule our call to next week, same time. I will send out an invitation later this week. -HEather Sent from my iPad

5 years, 1 month

1
0
0 0

Branching and Versioning - wiki pages

by hlflanagan＠sphericalcowgroup.com

Hola a todos! I’ve added a brief wiki page to the SATOSA, pySAML2, and pyXMLSecurity repositories about branching and versioning. The text for each is as follows: --- The idpy projects (including this one) are maintained by a few core maintainers and a larger number of community volunteers. The core maintainers focus entirely on the master branch, developing and evolving the code there. The community volunteers maintain the point-in-time minor and patch releases. For every major release, the core maintainers will create a branch. All work on that branch, including bug fixes and minor enhancements from both the volunteers and the core maintainers, will be coordinated and maintained by the community volunteers. If you would like to be a community volunteer with the appropriate permissions to control a branch, please contact us at discuss at idpy.org. — Should we add this to any other repository? pyFF? pyOP? Thanks! Heather

5 years, 1 month

4
5
0 0

2024

2023

2022

2021

2020

2019

2018

2017

Idpy-discuss March 2019