Accomplishments:
1. Agreed to projects to include in idpy (current list = Satosa, pyff,
pySAML, pyXMLsecurity)
2.
1. discussion on the OIDC related ones somewhat dependent on future
governance decisions
3. Agreed to a plan for how to work through existing pull requests
until such time as we have a dedicated benevolent dictator
4. Reviewed three pull requests for Satosa (174, 171, 161)
5. Discussed prioritization for Satosa/pySAML
6.
1. Clean up Satosa code base, including writing tests
2.
1. fixing logging, error handling
2. more structured documentation on how to import microservices
3. Bigger Satosa refactoring
4.
1. pulling out networking; this will almost certainly have to
touch on pySAML and its refactoring
Action items:
1. Governance items
2.
1. Heather to create an evaluation matrix for potential IPR home
based on criteria proposed by Niels, Benn from previous efforts
to look at IPR homes for OpenConext, Cyrus
2. Roland needs to move pySAML to the IdentityPython repository
3. Heather to update idpy.org <http://idpy.org> with GitHub links,
other info from the meeting
4. Satosa updates
5.
1. Martin to split pull request 161
2. Heather to make sure Niels and Ivan talk about 171
3. Scott has homework (?) re: 174
Next steps:
1. Governance
2.
1. idpy developers to review IPR home matrix and make decision
2. Community outreach re: governance decisions/recommendations
3. CLA - text and signing
3. Technical architecture
4.
1. Finish evaluating Satosa pull requests
2. Continue to develop additional, better tests
3. pyFF development (currently RA21 focused)
plan B - a process to accept pull requests and do proper releases
* No development on the master.
* Unit tests must pass before merged into Master. A test may need to
be written to validate; a test is always required.
*
o Measure test coverage with Coverall (?). If the new code (bug
fix or RFE) comes in on a place with few tests, then need test
needs to be written. If there are a lot of tests, then committer
should at least look at the test to see if it is likely to be valid.
* Each version has to be tagged with dependencies
* Peer review - someone posts to the list, describes how/why and
points to a pull request; at least one approver (and the approver
has to be someone who is approved to commit code and who isn’t a
member of the same organization)
* Stable releases should be posted to PyPI
Hi all,
the following projects are in, or have been voted into the idpy repository.
OICRP
oiccli
oicsrv
oicmsg
cryptojwt
SATOSA
fedoicmsg
fedoicmsg
satosa_microservices
fedoicrp
fedoiccli
pyop
pyjwkest
satosa-developer
Not yet in git
pyelevel
pysaml
pyff
Out of these,
OICRP
oiccli
oicsrv
oicms,
fedoicmsg
fedoicrp
fedoiccli
Only have Roland as a committer
The others have multiple commiters, as listed in the attached files.
Cheers,
Niels
--
Niels van Dijk Technical Product Manager Trust & Security
Mob: +31 651347657 | Skype: cdr-80 | PGP Key ID: 0xDE7BB2F5
SURFnet BV | PO.Box 19035 | NL-3501 DA Utrecht | The Netherlands
www.surfnet.nlwww.openconext.org
Hello all,
For those of you attending the idpy dev meeting at TIIME, we are up on
the fourth floor. Turn left out of the elevator and walk to the end of
the hallway.
We're going to be flexible with the agenda, as Leif and Roland are stuck
in Sweden (airplane issues). We won't see them until tomorrow.
-Heather
Attendees:
Scott, John, John, Ivan, Roland, Heather
Notes:
Coding style
1. flake8 and SOLID not mutually exclusive?
2. Any objections we should consider against PEP8/flake8?
PEP8 is a start, but need some higher level constraints on things like
variable names.
Google’s style guide builds on top of PEP8.
Perhaps use both? Homework for people to study before TIIME - if you’re
not familiar with any of the above, please look them over and be
prepared to offer an opinion as to whether using PEP*+flake8 and the
Google coding guide should be adopted for idpy projects.
Do we want to rely on autogenerated documentation on the code? Any
guidance we want to apply? Roland is using Sphinx for some of his
projects. Add to discussion at TIIME
Incubator program - Ivan’s proposal vs following the model of one of the
existing incubators
Discuss at TIIME
TIIME agenda
* separate email
AOB
Google would like OIDF to host the libraries Roland is working on. Not
sure what that means with regards to using GitHub to maintain (since
OIDF doesn’t have a GitHub space). Roland would still like the python
libraries in idpy. Not sure what Google would think about that (though
they probably want everything in one space). What if they were offered a
spot on the idpy board? There are many dependencies between them, which
means hosting across different orgs would be unreasonably complicated.
Next meeting @ TIIME (Cancel next week’s call)
Logistics:
Monday, 5 February 2018, Room E, 13:00-17:30
Tuesday, 6 February 2018, Room E, 09:00-12:30, 13:30-16:00 (if needed)
Topics to cover:
* Policy to add/remove projects on idpy.org <http://idpy.org> (see
email 17 January 2018)
* Technical harmonization: project may need dedicated time, and we
need to decide which projects fall under the idpy umbrella,
including discussions on who is the tech lead for each, what the
project maturity levels are, where we need to target refactoring of code
*
o pyOP
o pyOIDC
o OICcli
o OICmsg
o pyJWKEST
o Satosa*
o pySAML
o pyff*
* Consensus call on coding style: PEP8 enforced by flake8, with
Google’s guide offering the additional detail guidance
* Autogenerating documentation - Sphinx
<https://pythonhosted.org/an_example_pypi_project/sphinx.html>? Other?
* Governance and timetable
* Any open pull requests
5 February 2018
13:00-14:00 - Introduction, agenda building
14:00-17:00 - open
17:00-17:30 - review action items from the day
6 February 2018
09:00-10:00 - Governance
10:00-10:30 - agenda building
10:30-12:30 - open
13:30-15:30 - open
15:30-16:00 - review action items from the day
* Satosa and pyff to be covered on day 2
Hi all,
An FYI that I've submitted an unconference proposal to discuss the idpy
project (governance, what projects make up idpy) at TIIME. I suspect we
may want one or two more proposals to specifically discuss Satosa, pyff,
and/or the other projects that (probably) make up idpy.
-Heather
(P.S. I also submitted proposals on RA21 and the REFEDS 2018 workplan.)
Hi all,
Obviously we'll do a fair bit of agenda building on site, but this list
should give us a sense of what we need to cover and how much time we
have. Does anyone have topics they would like to add, or want to propose
a more precisely defined schedule in advance?
-----
Logistics:
Monday, 5 February 2018, Room E, 13:00-17:30
Tuesday, 6 February 2018, Room E, 09:00-12:30, 13:30-16:00 (if needed)
Topics to cover:
* Technical harmonization: project may need dedicated time, and we
need to decide which projects fall under the idpy umbrella,
including discussions on who is the tech lead for each, what the
project maturity levels are, where we need to target refactoring of code
*
o pyOP
o pyOIDC
o OICcli
o OICmsg
o pyJWKEST
o Satosa
o pySAML
o pyff
* governance
* any open pull requests
5 February 2018
13:00-14:00 - Introduction, agenda building
14:00-17:00 - open
17:00-17:30 - review action items from the day
6 February 2018 (maybe have the open time be split between each project?)
09:00-10:00 - Governance
10:00-10:30 - agenda building
10:30-12:30 - open
13:30-15:30 - open
15:30-16:00 - review action items from the day
Hi,
I would like to nominate pyFF, pyXMLSecurity, and pyeleven to be
included under the IdentityPython umbrella and in particular move to the
IdentityPython GitHub account.
The pyFF + SATOSA combination has become critical infrastructure for a
number of research projects that I am working with to leverage federated
identity.
I have dialogued with Leif and he is willing to move the projects under
the IdentityPython umbrella.
Please +1 if you support the motion.
Thanks,
Scott K
There were two ideas related to versioning and release cycles coming out
of today's call:
1. Use semantic versioning for all projects.
2. Every new change (e.g., bug fix, feature enhancement) should be a
separate release.
We can discuss further at the TIIME workshop, but if folks have strong
opinions one way or the other, it would be good to start discussion on
the list. Thoughts? Feel free to [+|-]1
-Heather
