Attendees:
Ivan, Heather, Scott, Roland, Giuseppe

Regrets:
Matthew

1 - Proposed project (https://github.com/IdentityPython/Governance/blob/master/idpy-projects.md)
     a. https://github.com/peppelinux/pyMDOC-CBOR -> https://github.com/IdentityPython/pyMDOC-CBOR 
See email to the idpy-discuss mailing list on 9 June 2023. We have strong support on the list.

Giuseppe is working on the 0.6.0 release; expects that to be done in a week or so. Goal is to make sure this is a tool that people can use without knowing Python.

There are still open questions re: mDoc vs VS and how that will play out in the EU Digital Wallet ARF.

This spec might be of interest (if only to make us all crazy): https://datatracker.ietf.org/doc/draft-terbu-sd-jwt-vc/

See also: https://github.com/vcstuff

Note the Open Wallet Foundation has started holding meetings and has a task force focused on OIDC.

Italian specification of the wallet:

2 - Project review
    a. General


    b. OIDC - https://github.com/IdentityPython (idpy-oidc, JWTConnect-Python-CryptoJWT, etc)
Roland has been working on a Satosa backend connecting to the OIDC library (a new backend using idpyoidc so Satosa can make client calls to OPs). When we get this module, we can start to look at logout flows. This will also relate to the browser changes and how cookies are affected.

Next step, wants to get SAML out of Satosa core (it has a dependency on pySAML). Also want to get rid of cryptodome (sp?) in favor of cryptoJWT. Concern that cryptoJWT may not handle certificates well. (https://cryptography.io/en/latest/x509/). Need to also determine where else cryptodome may still be a dependency. Would be nice to clean up that legacy.

Separating the core from the protocols is a good idea, so each protocol can be treated separately and libraries installed as relevant.

Suggest we move ahead with a PR for what Roland has worked on so far. Fully separating out pySAML will need to be treated as a separate effort that will require several steps.

There are older backends talking to specific services (Facebook, GitHub). It doesn't appear we need those specific connections any more. Should they be removed? We can remove the ORCID one; they are using standard protocol flows. Do need to check for the rest. They should be just a question of configuration, not a specific module.

Roland has released 2.0 of idpy-oidc, which is what eduTEAMS is using. So, now eduTEAMS is (nearly) free to publish their frontend.

Note there is confusion regarding the older libraries. See https://github.com/IdentityPython/idpy-oidc/issues/53 . Ivan wrote a response, but if others have more to add, please do.

CZNIC is maintaining py-oidc. Roland will reach out and ask if they'd be interested in moving towards a more up-to-date implementation.

FYI: https://github.com/UniversitaDellaCalabria/SATOSA-oidcop/releases/tag/v2.0.0

    c. Satosa - https://github.com/IdentityPython/SATOSA - v8.3.0 and v8.4.0 released

    d. pySAML2 - https://github.com/IdentityPython/pysaml2 - also had a new release


    e. Any other project (pyFF, djangosaml2, etc)


3 - AOB
    a. 2024 in-person meetings - https://github.com/fedidcg/meetings/wiki/2024-List-of-Identity-and-Related-Conferences

Note that the next idpy call is scheduled for July 4. Ivan is available, though probably the US participants will be offline that day. 

Thanks! Heather