Attendees
Johan, Roland, Giuseppe, Scott, Christos, Heather
0 - Agenda bash
1 - GitHub review
a. OIDC - https://github.com/IdentityPython (oidcop)
See https://github.com/IdentityPython/SATOSA/pull/378#issuecomment-904513096
Started development last week, and has a good prototype with MongoDB. Found a few weaknesses with the implementation that need further analysis. Will be focusing next on unit test development, and once those are done and the code is reviewed, will start planning out the roadmap for further work (e.g., looking into DPOP).
Christos points out that there is another OIDC front end code package that already has about 20 deployments, and they are waiting for GRNET to come back from vacation to release the code. Are we running with two parallel implementations, and is that a good thing?
• the eduTEAMS implementation has not been widely shared, so others have not seen it.
• eduTEAMS needs stable code, but this new code can act as a sandbox where new ideas can be tested. The new ideas can then be ported back into the core code after they've been tested.
• The concern is that if the sandbox code is in the Satosa repository, people won't know that it's just a sandbox and will try to use it in production. Particularly concerned that the code in Satosa is production-ready.
• eduTEAMS does not have an open roadmap, so all communication is going to continue via these calls, meeting notes, and person-to-person communication.
• eduTEAMS code is expected to be released this quarter.
Nikos has a few PRs in queue, but the major missing part right now to the main code base is documentation. Roland is working on the documentation for clients, and when that's ready, will be ready to roll out the new release.
2 - AOB
Thanks! Heather
(If folks are available this week, we will focus on oidcop and its front end in Satosa)
BlueJeans: https://bluejeans.com/444837426?src=join_info
Agenda:
0 - Agenda bash
1 - GitHub review
a. OIDC - https://github.com/IdentityPython (oidcop)
2 - AOB
Thanks! Heather
Hello everyone,
I'm forwarding this email about a new community that is forming now.
Thought people from this list may be interested ;)
Cheers,
---------- Forwarded message ---------
From: Nicole Harris <nicole.harris at geant.org>
Date: Thu, 22 Jul 2021 at 18:56
Subject: [refeds] IAM-HER
To: refeds at lists.refeds.org <refeds at lists.refeds.org>
Hi all
I am really happy to announce that IAM-HER has a brand new website
that can be found at: https://www.iam-her.org/. You can also sign up
to the mailing list and the IAM-HER Slack using:
https://www.iam-her.org/get-connected.
IAM-HER is a community of women and their allies who work in Identity
and Access Management in Higher Education and Research. The primary
goals of IAM-HER are to provide a supportive community for women who
work in Identity and Access Management in Higher Education and
Research. We aim to share experiences with each other, to learn from
each other, and to support each other as we grow our careers in this
field. We also use the IAM-HER community to raise awareness of our
contributions and to be more visible in the impact we have at our
organizations and in the field at large.
The group is still up-and-coming and planning its goals so we’d love
to see more people joining us there. A huge thanks to Dedra
Chamberlin and Cirrus Identity for their work supporting the group and
getting us to this stage.
If you have any questions, please do not hesitate to reach out.
Best wishes
Nicole
--
Nicole Harris
Head of Trust and Identity Operations
GÉANT
T: +31 (0) 20 530 4488
M: +31 (0) 646 105395
Skype: harrisnv
PGP key Fingerprint: 4017 2E40 13D4 9DA7 68E1 8ADB 3F11 9CDB FC48 6216
--
Ivan c00kiemon5ter Kanakarakis >:3
Attendees:
Giuseppe, Ivan, Johan, Roland, JohnP, Scott, Heather, Peter
1 - GitHub review
a. OIDC - https://github.com/IdentityPython
Released 2.0 a few weeks ago (https://github.com/IdentityPython/oidc-op/releases/tag/2.0.0). Discovered some backward compatibility issues that are being addressed; 2.1.0 will be released this week. These issues were not discovered in testing and impacted eduTEAMS in particular. We can add them in tests now that we're aware of them. Community is always encouraged to help with testing prior to releases.
What might also help: if the eduTEAMS project had routinely been making code available for others to use, some of this could be avoided as there would be more eyes on the work.
Question about the OIDC front end: idpy does not maintain pyOP; we encourage people to look instead to oidc-op. For Satosa, we don't have another choice at this time. By default, we promote the new one, but it is possible to create a module to use the old one that uses pyOP. We don't really have a date for the changes as it depends on eduTEAMS.
Question about identity assurance (https://openid.net/specs/openid-connect-4-identity-assurance-1_0.html): Roland has most of the code, but there are handling issues. Example: if you get the information from different sources, they will verify information in different ways and you'll need to keep those separate. Roland expects to have something in another week that people can use to start testing. Assurance may relate to having a digital wallet; we haven't considered this much in the overall architectures for idpy. What about WebAuthn? Giuseppe has a PoC.
Question about logout: this is an ongoing challenge, and logout has known issues. Until those are a bit more clear in terms of what can be supported, not sure it's useful to build logout models into Satosa.
b. Satosa - https://github.com/IdentityPython/SATOSA
Satosa and microservice from Peter Gietz: https://gitlab.daasi.de/didmos2/didmos2-auth, https://gitlab.daasi.de/didmos2/didmos2-auth/-/tree/master/src
Please send additional updates and questions to Slack
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Please send updates and questions to Slack
d. pyFF - https://github.com/IdentityPython/pyFF
Please send updates and questions to Slack
2 - Discussion
FYI - work is continuing on creating the W3C FedID Community Group. Draft charter is here: https://github.com/hlflanagan/fedidcg. Will have a call to discuss the charter on July 6 @ 13:00 UTC.
Thanks! Heather