Attendees:
Ivan, Johan, Martin, Scott, Heather
Regrets:
Christos, Roland
1. Governance
No need. Short version: Klaas wants GEANT to have a seat (Christos
accepted the nomination), we were worried that made an even number of
board members, I suggested therefore increasing the board by 2 and
adding an additional research person and asked Chris W. if he wanted to
be nominated (he does, but needs to clear it with his CIO which he plans
to do this week) and so the timing is that I hope to have the board done
by TechEx.
2. Pull Requests
PR from Martin for pySAML2
(https://github.com/IdentityPython/pysaml2/pull/548) - pySAML2 tries to
convert every attribute into a short name, which leaves consuming
applications confused about what the original names of the attributes
actually are. Martin’s PR fixes part of this. Ivan agrees to merge the
small change, and will aim to fix this entire issue in the long run when
mapping SAML to SAML. And there was much rejoicing.
Ivan is still working on other changes in pySAML2, in particular how to
get rid of the odd classes that pySAML2 uses now (using LXML). Scott
notes that pyFF uses LXML; points out that long-lived processes may need
to be more careful as LXML is known to have some problems with its
memory handling. Need to be careful to clean up string objects; also
careful with other garbage collection. Ivan would like to have an XML
file to act as a dictionary (rather than creating classes for
everything), that would track every node. This would result in a clear
structure, and allow for easy alteration using basic Python utilities.
Only need to validate stuff as it comes in against the XML dictionary.
SATOSA - Ivan has merged some PRs that had been waiting for some time.
Was looking at Martin’s PR
(https://github.com/IdentityPython/SATOSA/pull/176) and offered a
comment. This parses claims from OIDC in a different way. The problem
Martin was trying to solve was items being parsed as claims incorrectly.
Ivan says we can go ahead and merge that PR.
Ivan has also merged Scott’s PR for optional nameID, another to support
the email address nameID format, and now with the latest code, the email
address should come through untouched (not hashed). Will move forward by
removing the hash functionality and turning it into a microservice.
Ivan will continue to look at the other PRs; the one from Christos needs
some cleanup (decision trees that can be simplified), and then another
large one from Martin.
When Ivan moves the hashing function into a microservice, he will cut a
new release. Then we move on to more interesting stuff.
As an aside, we need to reconsider how we write tests. It needs to be
easier. A topic for a future meeting.