Attendees:
Roland, Johan, Ivan, Heather, Scott, Matthew, Giuseppe
Notes:
0 - Agenda bash
1 - GitHub review
a. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP,
JWTConnect-Python-CryptoJWT, etc)
OIDC Federation version 23 has been updated and is now out for an unofficial final
review. Need an editorial review as much as a technical review. Roland has updated his
implementation to be compliant with this new version, in particular compliance with CIBA
which required entities to be allowed to be more than one thing at a time. Expect to
finish in 2-3 weeks.
Ivan is working on https://github.com/IdentityPython/idpy-oidc/pull/32. This adds support
to revoke/invalidate tokens. Seems to work well in eduTEAMS.
Ivan is also looking at how to manage the audience for the policies and how that interacts
with the resource indicators.
When will eduTEAMS front end become public? No date. No idea when this will be resolved.
b. Satosa - https://github.com/IdentityPython/SATOSA
Many changes; see discussion on mailing list re: supporting multiple ACS endpoints.
See https://github.com/IdentityPython/SATOSA/pull/409. This will be configurable on the
backend. Note that given the divergence of IdPs out there, will need to be able to
configure this on as granular a level as practical.
We have talked about turning Satosa into a FastAPI service. Maybe when we make that
change, we can also change/specify what runs when certain endpoints are involved.
There is also an MR about allowing Satosa to be configured under a specified path. The MR
allows for the base path to be changed.
https://github.com/IdentityPython/SATOSA/pull/405
Plans to make the error messages for cookies and context state available (discussed at
TNC).
Would be helpful if others run flake8 on the Satosa code and fix bugs as they are found.
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Ivan has converted pysaml2 to use poetry and has also reformatted the code.
See https://github.com/IdentityPython/pysaml2/blob/master/pyproject.toml,
https://github.com/IdentityPython/pysaml2/blob/master/tox.ini
Ivan is going to release a 7.3.0-alpha version with the changes up to now, and then plans to
• get the CI working
• rework the docs - switch to mkdocs and update the content
• go back to the actual code (a few things there happening in parallel to the above)
Other development open for contribution:
• https://github.com/IdentityPython/pysaml2/issues/869#issuecomment-1256707533
d. Any other project (pyFF, djangosaml2, etc)
At the last idpy meeting, had a new djangosaml2 release. Nothing changed since then.
Giuseppe has tagged a new version, but the pipelines don't work yet.
2 - Documentation
Note that all docs will (eventually) be switched to using mkdocs. When Roland is done with
his work on idpy OIDC, he will work on converting documentation to mkdocs and using poetry.
See:
• a new README file: https://github.com/IdentityPython/pysaml2/#readme
• a DEVELOPER guide: https://github.com/IdentityPython/pysaml2/blob/master/DEVELOPERS.md
• a CONTRIBUTING guide: https://github.com/IdentityPython/pysaml2/blob/master/CONTRIBUTING.md
• a SECURITY guide: https://github.com/IdentityPython/pysaml2/blob/master/SECURITY.md
(a few things remaining as TODO) GitHub suggests that we additionally favor some Code of
Conduct document, but will skip this for now.
• https://github.com/IdentityPython/pysaml2/community
Still needs to work on the release documentation for pysaml2.
Thanks! Heather