Attendees:
Shayna, Matthew, Scott, Roland, Ivan, Heather
Agenda:
0 - Agenda bash
FYI - Heather will be stepping back from organizing these calls, and Shayna will be stepping up to fill the gap.
1 - Project review
a. General
eduTEAMS: there has been contact with GEANT, who are working on technical docs and will be helping with documentation for the front end. The team is also looking at connecting the front end (idpy-oidc) to a PostgreSQL database; part of that database holds the secrets for the connected clients, so the team needs to hash those client secrets properly before storing them rather than keeping them in plaintext. They have also been seeing some strange behavior related to how state is kept within the front end, probably in idpy-oidc: the code should be loading state into memory, but when a node is restarted the information is lost. Once that is solved, everything is in place for the eduTEAMS code to go public.
Roland: when it came to storing info over time, the decision was that nothing should happen by 'magic'. If you want to save something, you have to initiate that. If you don't, nothing is stored. This was a design decision early on.
b. OIDC libraries - https://github.com/IdentityPython (idpy-oidc, JWTConnect-Python-CryptoJWT, etc)
The idpy-oidc backend for Satosa should be ready to merge.
• https://github.com/IdentityPython/idpy-oidc/pull/70
Roland is also looking at how to run without pySAML2 so that he can run his tests; he is using pytest to find the dependencies. That will happen after the backend is merged. Question raised: should we add a check at the top of a module that imports something from idpy-oidc, to verify that it works and to help check dependencies?
Roland is also starting to look at the wallet documentation and will do some development to figure out how to make Satosa a credential issuer. All TBD.
• See also one organization's plans to implement this: https://italia.github.io/eidas-it-wallet-docs/en/pid-issuance.html
c. Satosa - https://github.com/IdentityPython/SATOSA
• https://github.com/IdentityPython/SATOSA/pull/439
Plans to merge:
• https://github.com/IdentityPython/SATOSA/pull/440 (note: there are contradictions between different specs, and this PR reflects that. It is about handling duplicate query parameters, which may be needed for one of the OIDC specs, while another spec says you should not have duplicate query parameters)
• https://github.com/IdentityPython/SATOSA/pull/427 (fix AppleBackend)
• https://github.com/IdentityPython/SATOSA/pull/419 (Handle OIDC prompt together with SAML ForceAuthn and IsPassive)
• https://github.com/IdentityPython/SATOSA/pull/435 (Ft typing)
• https://github.com/IdentityPython/SATOSA/pull/431 (Introduce SAML SP-initiated Logout to SATOSA proxy)
Note: starting to apply black formatting and a pre-commit configuration.
Ivan wants to focus next on the open PR supporting base paths (https://github.com/IdentityPython/SATOSA/pull/405).
Updating the Satosa image on Docker: Matthew is working on that this week.
d. pySAML2 - https://github.com/IdentityPython/pysaml2
There is a longstanding issue around supporting Windows, caused by how temporary files are managed in Python. The PR is a temporary workaround until future changes in Python core address it.
• https://github.com/IdentityPython/pysaml2/pull/665
Also moving forward with updating the error URL:
• https://github.com/IdentityPython/pysaml2/pull/898
And various smaller PRs for maintenance.
More work is needed on the new extension points (see the conversation in Slack in the #saml channel - https://identity-python.slack.com/archives/CNDLAURU7/p1688030949364249).
e. Any other project (pyFF, djangosaml2, pyMDOC-CBOR, etc)
No updates.
2 - AOB
Note that the new TIIME workshop (31 January - 1 February, plus side meetings, in Copenhagen) has a website: https://tiime-unconference.eu/
Thanks! Heather