Roland, Ivan, Matthew, Heathter
1 - Administrivia
a. Website update - need to mention all the idpy OIDC projects, djangosaml2; Heather to check GitHub to see what else is missing from the website
1 - GitHub review
a. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc)
Roland has updated the federation libraries to match the spec. Will be running an interop event in the next few weeks
Working on a seminar re: the design architecture for the OIDC projects, but that will require some updates to the code to match the architecture he originally designed. The project has strayed a bit from the original design (which is an expected evolution). Roland will announce this on the idpy slack channel. Expect at least two hours. There will be a slide deck and/or notebook that will also be published.
grantmanager has been updated as per feedback from Giuseppe
b. Satosa - https://github.com/IdentityPython/SATOSA
Matthew haas aa reference implementation of Satosa in AWS. Working on getting approvals from his employer to publish it. Will be doing Internet2 TechEx ACAMP sessions on the docker image and how to use it to get started. It's similar tot the Shibboleth reference implementation on AWS. This is intended to show a quick start to Satosa. Will want to add on proper validation testing (unsure how to do that now).
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Planning to make a release (see updated document on how to publish a release). Will also name it alpha or beta to see how that works.
One big MR (https://github.com/IdentityPython/pysaml2/pull/877 - reformatting code, removed older python code, fixes as part of flake). Once this is done, will push the new docs out to readthedocs.
• pyupgrade to fix "legacy Pythonisms"
• autoflake to remove unused imports (either left behind by pyupgrade, or otherwise unused)
• flynt, to fix non-f-string string formatting
• flynt -tc, to fix string concatenation too (which is more intrusive and could be unsafe, but tests should catch things)
More changes in the queue:
• https://github.com/IdentityPython/pysaml2/pull/878 - response name id instead of response assertion name id; similar to issue 866. What's proposed directly in this PR isn't ideal for a broader audience; choices need to be explicit and under the implementer's control
• https://github.com/IdentityPython/pysaml2/pull/866 - changing the default behavior and requiring signed responses by default; there is a suggestion to not allow unsigned responses at all, but that makes testing harder. There's also a lot of broken stuff out there, so being able to turn signing off selectively is aa good debugging tool.
• https://github.com/IdentityPython/pysaml2/issues/879 - OpenSSL library updates (not related to the recent bug). Ivan wants to remove dependency on this library.
Will be diving into some of the older PRs after this new release.