7:25 p.m.
Attendees
John, Scott, Giuseppe, Ivan, Hannah, Ori, Johan, Chris
0 - Agenda bash
1 - Administrivia
Suggestion made that announcements of security issues should include some indication of
severity and whether there is indication these have been found 'in the
wild'. Also some additional guidance on what to expect with regards to remediation
(what are deployers expected to do, what level of effort can people expect to encounter)
would be helpful. The team will put together an FAQ on how security vulnerabilities are
handled and include a log of known vulnerabilities (once those vulnerabilities and their
remediations are public).
2 - GitHub review
a. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP,
JWTConnect-Python-CryptoJWT, etc)
No update
b. Satosa - https://github.com/IdentityPython/SATOSA
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Nothing major through the holiday, only some minor fixes for the tests. Ivan wants to
reorganize the code a bit to clearly separate the operations that work on the XML document
representation from those that work on an object representation of the XML data.
d. pyFF - https://github.com/IdentityPython/pyFF
No update
3 - Normalizing idpy projects (see email from Ivan, "Subject: [idpy-discuss]
Normalizing across all projects”, 10 November 2020)
a. Extending the invitation to djangosaml2 - status?
Will add to the agenda for our next call
4 - AOB
Thanks! Heather