Attendees:
Roland, Johan, Heather, Scott, Ivan, Matthew

Notes:

0 - Agenda bash

1 - Administrivia

2 - Project review
    a. General

    b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc)
Roland has been working on documentation aimed towards software developers.
Working on the PRs in the OIDC libraries and have merged all but one. Also started rebasing the fedservice fork so we can issue a PR soon for the work done to support federation. This will be a major PR but mostly in the lower level code. This will bring eduTEAMS in sync with this library; at that point there will be no reason to keep separate software running for eduTEAMS.

OIDC federation spec is getting closer to being finalized. There has been discussion from people running OIDC federations in the same way that SAML federations are run (one authority collecting the info). There is a difficulty in that one model (OIDC federation spec) assumes end-to-end encryption where the other assumes that encryption stops at the edge and the organization can inspect the payload (required by regulation for banking). Finding a compromise by allowing metadata collection from well-known endpoints. This involves separating the path from the trust model.

    c. Satosa - https://github.com/IdentityPython/SATOSA
Ivan is preparing a new release, but nothing major. Is considering accepting one more PR (https://github.com/IdentityPython/SATOSA/pull/429) and then will cut the new release. See also

After this release, will move Satosa to using poetry and require Python 3.9.

    d. pySAML2 - https://github.com/IdentityPython/pysaml2
Next release will see the minimum Python requirement move to 3.9 (see email to list).
Other major updates:

A user came back to an issue (submitted as a PR: https://github.com/IdentityPython/pysaml2/pull/665) about how operations are done with xmlsec1. May need to revisit this. By default, pySAML2 uses the xmlsec1 binary. xmlsec1 works with files, so pySAML2 is always writing files to the file system, but Windows cannot automatically clean up those files; they have to have an external process cleaning up the files. This is not fixable. For the *nix systems, there are automatic cleanups, but they are buggy. The person who submitted the issue offered a suggestion (code), but another option is to handle xmlsec1 differently and offer a different back end. If interested, please review and comment on the PR.

    e. Any other project (pyFF, djangosaml2, etc)


3 - Documentation
See OIDC update

4 - AOB

Thanks! Heather