Attendees:
Heather, Ivan, Scott, Roland, Martin
Notes
0. Administrivia
* governance status
* side meeting during TNC2018? No.
* Ivan now has a contract. Yay!
* Heather to take the action to respond to Niels' question re: IPR
* June 12 call cancelled; next call will be June 26
1. Satosa - https://github.com/IdentityPython/SATOSA/pulls
Not much progress on things. Note that Ivan will work with pySAML2 first
in order to get some functionality in, then will work on Satosa.
Regarding existing pull requests, we have discussed most of them.
* 182 is related to what eduTEAMS wants to do, introducing sessions into
Satosa. This changes the role of Satosa a bit, so would like to have
more discussions around that. Note that this will imply also adding some
form of UX that allows the user to indicate whether they are ok with
their information being stored (that they want SSO).
** Concerns about this being a default.
* PR from Martin in the micro services repository (discussed last call)
has been merged. This will break some functionality until other
components are updated.
Ivan does not consider Satosa stable; there will be breaking changes.
Perhaps it would be worthwhile to have a tag that snapshots the
state right before the breaking change so reverting to unbroken code can
be fast. Will also be using semantic versioning.
Satosa is also going to be critical for upcoming OIDCre pilot
federations. Need to consider that when planning breaking changes.
Ideally, breaking changes will happen sooner rather than later. Use of
Satosa will increase. OIDC front end of Satosa will have to be redone;
Roland has code.
In Satosa, we have a metadata key that signs the metadata. Not sure why
we use a different signing key for that than we would use for signing an
authN request? Should we sign the metadata by default? By itself, it is
not a security measure, but it is one more thing we can do.
2. pySAML2 - https://github.com/IdentityPython/pysaml2/pulls
Scott Koranda’s PR was merged.
* 505 is new, seems mostly fine. What the contributor is trying to do
could be done in another place. Still needs a test.
* 493 - queries about this did not receive a response. Ivan was not able
to duplicate the error (he got a different one).
* 495 - is fine; Ivan will merge that today.
* 499 - looks reasonable, but we handle the id_attr in a different way
elsewhere. Would like that to be the same everywhere, so won’t merge
this without changes.
* 485 and 483 - waiting for tests from Scott; Ivan may pick those up if
there is time.
* Issue 445 - seems correct, but Ivan needs to review what the spec says
about the time format
3. pyFF - https://github.com/IdentityPython/pyFF/pulls
Need Leif here for this.
Martin has a long-standing PR with CherryPy
(https://github.com/cherrypy/cherrypy/pull/1692) and that isn’t getting
any attention. It really breaks pyFF if you don’t fix this. Suggests
people on this call add a comment to that issue and ask the maintainers
to fix it. May end up switching to Flask, but work on that has been
postponed as Leif works on RA21.
4. Other repositories (depending on who's on the call)
* Microservices as a separate project? This is fairly complicated.
Perhaps a separate repository for every micro service? Example: a
breaking change in one micro service may not break all micro services,
so versioning a single micro service project becomes challenging.
Alternative: split a micro service into its own repository, and then the
file in the micro services repository will just be a glue file. No
decisions made yet.