Attendees: Johan L, Shayna, Ivan, Mikael, Matthew, Enrique, Hannah

0 - Agenda bash

1 - Project review

a. General

Moving project repos - all should be moving under IdPy, but who will maintain the ones that are new and not going to be under other projects?
Mikael will keep them floating - most (other than the ones being added to Satosa) are considered POC, and Sunet and SWAMID will use them as reference.
Mikael will look into the process for bringing the repos under the IdPy umbrella, described here: https://github.com/IdentityPython/Governance/blob/master/idpy-projects.md

b. OIDC libraries - https://github.com/IdentityPython (idpy-oidc, JWTConnect-Python-CryptoJWT, etc)

Will be posting a new release after the call with the ldap_attribute_store plugin updates.

uses pydantic v1 but now we have pydantic v2, so want to make sure there are no problems - there may be an issue with the python version. Ivan is testing with 3.13. Mikael knows there is a breakage with pyFF with 3.13 that he thought might be related to pydantic.

Next will look at some changes Giuseppe has prepared and is using in his fork around namespace names.

e. Any other project (pyFF, djangosaml2, pyMDOC-CBOR, etc)

pyFF: Mikael will be taking a look at the hashmark issue mentioned in the last meeting. Ivan is looking into this as well.
Mikael and Enrique are collaborating on the issue Enrique described last week.

2 - AOB

Matthew had posted some things on Slack about the attribute mapper, but was able to figure out what he needed.

SAML defines attributes - they are not just an identifier. There is the name, the friendly name, and the name format. The name format tells you how the name is structured - it is not really a string. It could be a url or uri , for example. Within the name you could have a uri with a hash symbol with a pointer, so you cannot just compare the values as strings. Parsing the objects the right way may show they are the same. The uniqueness of an attribute does not come from the name - you have to combine it with the name format.
Ivan will try to answer this on Slack and give some examples

Matthew is currently working on signing outgoing SAML requests - it is not working out of the box. He will gather his questions on this for another time.
Matthew is also working on how to structure tests for an application that uses SAML, and uses jwts after the SAML response. Would like to mock up a real world application.

Next goal is to be able to do integration testing, deploying an IdP that facilitates that.
Also doing all the same stuff with open id connect. Still working on getting the proper configuration.