Attendees:
Ivan, Matthew, Heather, Hannah, John P, Giuseppe
Regrets:
Scott
1 - Status of documentation
Hannah Sebulibah will be meeting with Ivan to figure out where to start on documentation.
Will likely start from the current configuration, which will help with cleaning up
existing options and fixing the defaults. The API will also need help, but that’s a much
bigger project and Ivan needs to do some work first. Scott has also started creating
issues for the items he wants to work on.
pySAML2 has a readthedocs connection, and we need to reorganize the top-level headers.
What’s there is mostly about the configuration options, and it is missing material.
We could also use the minimal working example of an IdP; Matthew has a gist about this.
Satosa does not have a readthedocs connection; nothing generates documentation.
Readthedocs can use markdown, which will be less work on our side.
Ivan will also be updating the architecture docs, esp. around the middleware. Hasn’t
gotten to that yet.
2 - GitHub review
a. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP,
JWTConnect-Python-CryptoJWT, etc)
Recent focus in GitHub has been on oidcendpoint. The people involved in the OIDC project
are debating frequent small releases vs larger, more complete releases with more thorough
testing approx. once a month. When something is decided here, we should likely have the
same policies across all the projects. We can also focus on pre-releases. A goal is to
have automated testing and release with each tag. Suggest we follow the changelog
format guidelines at https://keepachangelog.com/
Roland is working on a new session back-end. There is some concern that this may result in
a breaking change.
b. Satosa - https://github.com/IdentityPython/SATOSA
Memory leak still a mystery.
Should probably have its own key manager that is shared between its front ends and back
ends.
We have some merge requests, mainly around documentation, with a bit about the plop front
end.
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Will be working on automated pre-releases.
Have been updating based on current issue list and some PRs. See:
• https://github.com/IdentityPython/pysaml2/issues/720#issuecomment-700694146
• https://github.com/IdentityPython/pysaml2/pull/727 - logout response location
• https://github.com/IdentityPython/pysaml2/pull/728 - logout response location
• https://github.com/IdentityPython/pysaml2/pull/704 - default name format
• https://github.com/IdentityPython/pysaml2/pull/721 - Increase key size in demo key
generation (note this is probably still too small; proper fix is to switch algorithms)
• See also: https://github.com/IdentityPython/pysaml2/issues/712 to support switching
algorithms
• https://github.com/IdentityPython/pysaml2/pull/597 - needs to be expanded to include
enforcement
• Using a key manager would make handling keys easier, but it is not a priority
Priority list:
• Make algorithms configurable, enforcing the policies
• Getting away from xmlsec1 and instead working in memory. Expect we will switch to lxml.
Thanks! Heather