Idpy dev call CANCELLED for 1 November 2022
by Heather Flanagan
Given Ivan’s availability and the massive scheduling headache that is next week, I’m canceling Tuesday’s call. Our next call (unless something unexpected happens) is on 15 November 2022.
See you all on Slack!
Notes: idpy developers call, 4 October 2022
by Heather Flanagan
Roland, Johan, Ivan, Heather, Scott, Matthew, Giuseppe
0 - Agenda bash
1 - GitHub review
a. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc)
OIDC Federation version 23 has been updated and is now out for an unofficial final review. Need an editorial review as much as a technical review. Roland has updated his implementation to be compliant with this new version, in particular compliance with CIBA which required entities to be allowed to be more than one thing at a time. Expect to finish in 2-3 weeks.
Ivan is working on https://github.com/IdentityPython/idpy-oidc/pull/32. This adds support to revoke/invalidate tokens. Seems to work well in eduTEAMS.
Ivan is also looking at how to manage the audience for the policies and how that interacts with the resource indicators.
When will eduTEAMS front end become public? No date. No idea when this will be resolved.
b. Satosa - https://github.com/IdentityPython/SATOSA
Many changes; see discussion on mailing list re: supporting multiple ACS endpoints. See https://github.com/IdentityPython/SATOSA/pull/409. This will be configurable on the backend. Note that given the divergence of IdPs out there, will need to be able to configure this on as granular a level as practical.
We have talked about turning Satosa into a FastAPI service. Maybe when we make that change, we can also change/specify what runs when certain endpoints are involved.
There is also an MR about allowing Satosa to be configured under a specified path. The MR allows for the base path to be changed. https://github.com/IdentityPython/SATOSA/pull/405
Plans to make the error messages for cookies and context state available (discussed at TNC).
Would be helpful if others run flake8 on the Satosa code and fix bugs as they are found.
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Ivan has converted pysaml2 to use poetry and has also reformatted the code.
See https://github.com/IdentityPython/pysaml2/blob/master/pyproject.toml, https://github.com/IdentityPython/pysaml2/blob/master/tox.ini
Ivan is going to release a 7.3.0-alpha version with the changes up to now, and then plans to
• get the CI working
• rework the docs - switch to mkdocs and update the content
• go back to the actual code (a few things there happening in parallel to the above)
Other development open for contribution:
d. Any other project (pyFF, djangosaml2, etc)
At the last idpy meeting, had a new djangosaml2 release. Nothing changed since then. Giuseppe has tagged a new version, but the pipelines don't work yet.
2 - Documentation
Note that all docs will (eventually) be switched to using mkdocs. When Roland is done with his work on idpy OIDC will work on converting documentation to mkdocs and using poetry.
• a new README file: https://github.com/IdentityPython/pysaml2/#readme
• a DEVELOPER guide: https://github.com/IdentityPython/pysaml2/blob/master/DEVELOPERS.md
• a CONTRIBUTING guide: https://github.com/IdentityPython/pysaml2/blob/master/CONTRIBUTING.md
• a SECURITY guide: https://github.com/IdentityPython/pysaml2/blob/master/SECURITY.md
(a few things remaining as TODO) GitHub suggests that we additionally favor some Code of conduct document, but will skip this for now.
Still needs to work on the release documentation for pysaml2.