Sorry for the delay in getting these out.
Attendees: Johan W, Johan L, Shayna, Ivan, Roland, Matthew E.
0 - Agenda bash
1 - Project review
a. General -
b. OIDC libraries - https://github.com/IdentityPython (idpy-oidc,
JWTConnect-Python-CryptoJWT, etc)
- Roland has merged some existing MRs, including:
- Comparing uris for auth and oidc RPs and clients - special handling
defined for oauth native clients (application on a mobile
phone or on a
computer - not web application).
https://github.com/IdentityPython/idpy-oidc/pull/107
- Pending MR about resource indicators which will be updated
again. RFC defines how token that is generated through an openid
flow will
be used by a specific target. Work is finishing up on this.
https://github.com/IdentityPython/idpy-oidc/pull/102
- The effect is that the token will have certain audience values that
have been requested, but there are many cases where you need to apply
policies about which client requests can access certain
services, and this
may also be combined with scopes, limiting what you can ask
of a service.
Audience policies - how you can specify how the relationship between a
client, servives and scopes actually works. This is different
from how you
request a specific audience to become part of a token. There
is no PR for
this but there are discussions going on how it should be implemented.
- idpy-oidc -native clients can request different schemes - the
control is given back to the application rather than the browser. More
policies and configurations for these kind of things are coming.
- Roland has been working on wallets on his own fork of idpy-oidc and
sending back updates.
- new release for pyop - still in use but will be slowly deprecated.
c. Satosa - https://github.com/IdentityPython/SATOSA
- Ivan has been working on other projects
- will be backporting things that were added for EOSC
- will be merging things, creating smaller releases.
- some work on pyop, anything easy on pysaml2 and satosa
- PR-396 <https://github.com/IdentityPython/SATOSA/pull/396> is
part of a series of PRs created by Sven Haardiek
<https://github.com/shaardie> around ldap_attribute_store
(395-398). Ivan will go ahead and merge all of them. 398 was
trickier but
Ivan will test and merge if it doesn't break anything.
- Should create a ticket to add tests - going to go ahead and
merge because they are an optional microservice.
- Kristof wants his MR merged - support for path elements in the
base url of satosa - will probably talk more about that.
- Matthew's MR https://github.com/IdentityPython/SATOSA/pull/454 -
maybe take this into account for AOB below.
d. pySAML2 - https://github.com/IdentityPython/pysaml2
- In the same state as satosa above
e. Any other project (pyFF, djangosaml2, pyMDOC-CBOR, etc)
- pyff - Leif did a few merges. Work around trust info specification -
working group around this and to rename it.
https://github.com/IdentityPython/pyFF/pull/271
2 - AOB
- Matthew previously talked about a POC for code style and github
actions - he now has an intern that will be working on this -
- would like to pick a relatively smaller library, maybe pysaml2, and
provide a POC in a branch which will be reviewed in November
so the intern
can get feedback. Matthew had suggested Python black for code
style, using
pre-commit to do the checking, running out of github actions so that
linting and tests would happen automatically on pull requests.
- From Ivan:
- We have some things already but they do not run automatically.
So we have a basis but it can be extended.
- On pysaml2 we have a few relevant MRs:
- https://github.com/IdentityPython/pysaml2/pull/882
- https://github.com/IdentityPython/pysaml2/pull/816
- We also have a devs guide
-
https://github.com/IdentityPython/pysaml2/blob/master/DEVELOPERS.md
- and linters configured:
-
https://github.com/IdentityPython/pysaml2/blob/master/pyproject.toml#L200-L…
- Let's do this in a way so that it can be inherited by
other projects.
- Roland would like to find a new time for this call.
- Shayna is sending a doodle poll.
