Attending:
Heather, Ivan, Hannah Sebuliba, Scott, Roland, Matthew, John P, Giuseppe
Notes
1 - Status of architecture documentation
Ivan promises to write more down. Heather will continue to nag him until he does.
He has continued thinking about the middleware, and is planning on some restructuring and
clarification of the Satosa docs.
We had collected use cases in the wiki (https://github.com/IdentityPython/SATOSA/wiki)
and we also spoke about setting up docker containers to demonstrate those use cases. This
is something others could do; if interested, please reach out to Ivan.
Also on the list: better documentation for the API, which will serve as groundwork for
future changes. We are using readthedocs for pySAML2 (see https://pysaml2.readthedocs.io/),
but it focuses on the configuration options; it needs more.
The team is encouraged to add a GitHub issue for sections of the documentation they are
working on so we can keep track of what’s being created. Scott will take a first cut at
the pySAML2 top level documentation, and will then write docs on how to spin up a minimal
working example of an IdP. Matthew will submit his documentation for a manual install of
Satosa: https://gist.github.com/xenophonf/22d0ec836005040a9f7c7bb80b183eda. There
is also a strong argument for shifting where we can to a Document Driven Development
model: writing the documentation first, sharing it with others, then writing the code.
2 - Potential new project for idpy - status?
a. https://github.com/knaperek/djangosaml2 - Giuseppe has sent an email to the list;
Roland has indicated support. Heather will take this to the Board.
This is linked to pySAML2. Having a project that directly uses pySAML2 and allows people
to quickly set up an IdP is a good way to help direct usability improvements for pySAML2.
3 - GitHub review
a. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP,
JWTConnect-Python-CryptoJWT, etc)
Roland is preparing an issue around session management with the oidcendpoint. He is
writing docs on how it should work, and then will work on the code.
Ivan is working on CryptoJWK and will add a new CLI for the ‘use’ flag.
b. Satosa - https://github.com/IdentityPython/SATOSA
Memory leak is still a mystery. This may actually be a problem with gunicorn.
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Giuseppe went through the open issues, closing several and making notes on others.
New merges: documentation; changed the default re: signatures; removed all the assertion
calls.
Looking at replacing the calls to xmlsec1 and doing the same action in memory.
Ivan has not yet pushed the changes for the default algorithms. Will switch to SHA-512.
Thanks! Heather