Giuseppe, Ivan, Matthew, Heather, Johan, Hannah, John
1 - Status of architecture documentation
No update; focus is on finding a memory leak.
Will be expanding on the internal data representations, and how the microservices are
applied to data representations, and how they get back to the external protocol.
2 - Potential new project for idpy
Giuseppe has invited Joseph, the maintainer, to these calls to see about bringing in
djangosaml2 under the idpy umbrella.
As a reminder, here are the instructions for adding a project to idpy:
Heather will follow up with the Board in September re: the new project.
3 - GitHub review
Ivan is spending most of his time right now hunting down a memory leak. Other coding is
delayed. See Satosa update.
a. OIDC - https://github.com/IdentityPython
Status of PKCE? OIDC endpoint has support for PKCE (a better type of implicit flow). Ivan
will be following up on that; sounds interesting.
Question about whether this generates JWK? We do have scripts that can generate the keys:
You can specify what the key will be used for via the ‘use’ parameter. We currently do not
specify that, but it might be useful to have. Then it will be easier to generate and use
b. Satosa - https://github.com/IdentityPython/SATOSA
When running Satosa on a host with 1GB of RAM, memory usage has increased after about 3-4
days of processing requests. It’s a slow leak in newer versions of Satosa. It may not
even be Satosa itself, but one of the libraries (e.g., OpenSSL library, libxml). If you
are restarting Satosa regularly, or don’t have a lot of traffic, this may not be a major
impact to you.
to help hunt down the source of
c. pySAML2 - https://github.com/IdentityPython/pysaml2
Name format work: https://github.com/IdentityPython/pysaml2/issues/601. PySAML2 assumes
the name format value is a URI format. This is a bug on the consumption side. When we
parse an attribute element and we don’t find a name format attribute, we should indicate
that it is unspecified. When we produce an attribute element, then we have an object and
we initialize it with the name format, the name of the attribute, and the value of the
attribute. If we don’t specify the name format, then the default is a URI format. We may
shift to indicating everything is unspecified unless specified as a URI format.
d. pyFF - https://github.com/IdentityPython/pyFF
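The NameFormat handling discussed under pySAML2 (item c), sketched as an added example; this is not pysaml2's code. The function names and the sample statement are constructed for illustration, and only the standard library is used.

```python
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
NAME_FORMAT_UNSPECIFIED = "urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"
NAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri"

# Constructed sample: the first attribute declares NameFormat, the second omits it.
SAMPLE_STATEMENT = f"""
<saml:AttributeStatement xmlns:saml="{SAML_NS}">
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"
                  NameFormat="{NAME_FORMAT_URI}">
    <saml:AttributeValue>user@example.org</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="role">
    <saml:AttributeValue>staff</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""


def parse_attributes(xml_text):
    """Consumption side: return [(name, name_format, [values])].

    A missing NameFormat is reported as 'unspecified', never assumed to be URI.
    Real deployments should parse untrusted XML with a hardened parser.
    """
    root = ET.fromstring(xml_text)
    parsed = []
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        name_format = attr.get("NameFormat", NAME_FORMAT_UNSPECIFIED)
        values = [v.text or "" for v in attr.findall(f"{{{SAML_NS}}}AttributeValue")]
        parsed.append((attr.get("Name"), name_format, values))
    return parsed


def build_attribute(name, values, name_format=None):
    """Production side: emit NameFormat only when the caller states one."""
    elem = ET.Element(f"{{{SAML_NS}}}Attribute", {"Name": name})
    if name_format is not None:
        elem.set("NameFormat", name_format)
    for value in values:
        ET.SubElement(elem, f"{{{SAML_NS}}}AttributeValue").text = value
    return elem


def round_trip(name, values, name_format=None):
    """Serialize a built attribute and parse it back through the consumer."""
    xml_text = ET.tostring(build_attribute(name, values, name_format), encoding="unicode")
    return parse_attributes(xml_text)[0]
```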
4 - AOB
Ivan will be on vacation and miss the next call (August 18); we will cancel that call.
Next call is 1 September 2020