5:53 p.m.
On 14 Apr 2020, at 15:57, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
Attendees:
Johan, Ivan, Heather, John, Leif, Christos, Scott
Notes:
1 - GitHub review
a. OIDC - https://github.com/IdentityPython <https://github.com/IdentityPython>
(JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc)
Some activity between Jakob and Roland on the
On the …. ??
Sorry, I missed the call.
I’ve lately been occupied with getting a toy OIDC federation up and running on a cloud
based VPS.
In preparation for the OIDC federation interop testing that was supposed to be F2F in
Brighton but now will be
virtual.
3 - AOB
Also in eduTEAMS, we have a proxy that talks to OIDC and SAML entities. Internally, we
need a representation fo the metadata of those entities. If we have an MDQ, then the
metadata is already there - we can get them from the file system or cached. For OIDC
entities, though, that doesn’t exist. Would like to have a way to find out the metadata of
OIDC entities and represent them in a common way in the proxies so they can be displayed
somewhere (e.g., consent service). If you don’t need any of the cryptobits, then you can
extract the metadata and turn it into Discojuice-formated JSON and dump it into a
discovery service. pyFF is a SAML only thing; in SeamlessAccess, pyFF is used to aggregate
and format metadata into JSON and dump it into a central MDQ. Sounds like they need
multiple processors that will dump into a common repository.
This will become important when we have OIDC federations, though it depends on how OIDC
federations will finally look like. But whether pyFF will fit that model is still an open
question.
Yes, needs to be discussed. I think we have left a couple of hooks in the specification
where pyFF could possibly fit in.
But it’s not be thoroughly discussed yet.
If someone can describe a use case we could go from there.
— Roland
Can anything be sadder than work left unfinished? Yes, work never begun. -Christina
Rossetti, poet (5 Dec 1830-1894)