3:23 p.m.
Attending:
Johan, Heather, Ivan, Rainer
Project updates
Not much on the public repos. There has been quite a bit of work on eduTEAMS, which has a
lot to do with microservices and how they use Satosa. Also has impact on the OIDC
libraries.
Did do a fix for an issue Scott had with regards to how XMLsec errors were handled. First
fix sent the code into an endless loop (oops) but latest patches should be fine. This
patch will generate a new release, based on the new way we have agreed to generate
releases.
Release process
We will cut a new release and it will be tagged with a branch. Community maintainers will
work in the branch space, and core developers will work on the master branch. Latest
release for pySAML is 4.6.5. Ivan will cut a new release (4.6.6) and then that branch will
be incremented by the community maintainers (4.6.6.1 for first change).
Alternatively, Ivan could cut a 4.7 release, and community maintainers would maintain the
minor release numbers only. This seems to make more sense; Ivan will do this.
Description of the release process text is copied in each repo. Heather to update it and
pull that back into one location so that we only have to change it in one place.
Next on the list for Ivan: Satosa and pySAML2
Fixing redirect binding and some options set in Satosa but which are configured in pySAML2
(how we handle sign_assertion, sign_response, sign_alg, digest_alg). This is the same
issue we’ve been talking to Martin about; this impacts eduTEAMS, SURF, and others.
Ivan will cut another release later this week with the fixes for above included. (This
will be edition to the release today that fixes xmlsec)
Another issue: https://github.com/IdentityPython/pysaml2/issues/592
<https://github.com/IdentityPython/pysaml2/issues/592> do not properly check the
certificate as a result of some of the configuration options. Will be changing the default
values to require this checking; that may break some existing implementations. Ivan will
be investigating further. This more a misconfiguration than a security issue.
Reminder: we’ll have another call in a week; Daylight Saving Time skew will still be a
problem so check your calendars!
3:43 p.m.
Sorry, missed the call due to DST skew :-/
Christos a while ago talked about the need to be able to return user information in the ID
Token as a default.
In another project the same need had arisen so now I’ve almost done implemented it.
On 12 Mar 2019, at 14:23, Heather Flanagan
<hlflanagan at sphericalcowgroup.com> wrote:
Attending:
Johan, Heather, Ivan, Rainer
Project updates
Not much on the public repos. There has been quite a bit of work on eduTEAMS, which has a
lot to do with microservices and how they use Satosa. Also has impact on the OIDC
libraries.
Did do a fix for an issue Scott had with regards to how XMLsec errors were handled. First
fix sent the code into an endless loop (oops) but latest patches should be fine. This
patch will generate a new release, based on the new way we have agreed to generate
releases.
Release process
We will cut a new release and it will be tagged with a branch. Community maintainers will
work in the branch space, and core developers will work on the master branch. Latest
release for pySAML is 4.6.5. Ivan will cut a new release (4.6.6) and then that branch will
be incremented by the community maintainers (4.6.6.1 for first change).
Alternatively, Ivan could cut a 4.7 release, and community maintainers would maintain the
minor release numbers only. This seems to make more sense; Ivan will do this.
Description of the release process text is copied in each repo. Heather to update it and
pull that back into one location so that we only have to change it in one place.
Next on the list for Ivan: Satosa and pySAML2
Fixing redirect binding and some options set in Satosa but which are configured in
pySAML2 (how we handle sign_assertion, sign_response, sign_alg, digest_alg). This is the
same issue we’ve been talking to Martin about; this impacts eduTEAMS, SURF, and others.
Ivan will cut another release later this week with the fixes for above included. (This
will be edition to the release today that fixes xmlsec)
Another issue: https://github.com/IdentityPython/pysaml2/issues/592
<https://github.com/IdentityPython/pysaml2/issues/592> do not properly check the
certificate as a result of some of the configuration options. Will be changing the default
values to require this checking; that may break some existing implementations. Ivan will
be investigating further. This more a misconfiguration than a security issue.
Reminder: we’ll have another call in a week; Daylight Saving Time skew will still be a
problem so check your calendars!
_______________________________________________
Idpy-discuss mailing list
Idpy-discuss at lists.sunet.se
https://lists.sunet.se/listinfo/idpy-discuss
— Roland
Can anything be sadder than work left unfinished? Yes, work never begun. -Christina
Rossetti, poet (5 Dec 1830-1894)
4:37 p.m.
Project updates
Not much on the public repos.
FWIW, I submitted 2 PRs for Satosa (206, 207). Sorry I missed the call, just didn’t have
it on my calendar…
From: Idpy-discuss <idpy-discuss-bounces at lists.sunet.se> On Behalf Of Heather
Flanagan
Sent: Tuesday, March 12, 2019 8:23 AM
To: idpy-discuss at lists.sunet.se
Subject: [Idpy-discuss] Notes: idpy Developers Call, 12 March 2019
Attending:
Johan, Heather, Ivan, Rainer
Project updates
Not much on the public repos. There has been quite a bit of work on eduTEAMS, which has a
lot to do with microservices and how they use Satosa. Also has impact on the OIDC
libraries.
Did do a fix for an issue Scott had with regards to how XMLsec errors were handled. First
fix sent the code into an endless loop (oops) but latest patches should be fine. This
patch will generate a new release, based on the new way we have agreed to generate
releases.
Release process
We will cut a new release and it will be tagged with a branch. Community maintainers will
work in the branch space, and core developers will work on the master branch. Latest
release for pySAML is 4.6.5. Ivan will cut a new release (4.6.6) and then that branch will
be incremented by the community maintainers (4.6.6.1 for first change).
Alternatively, Ivan could cut a 4.7 release, and community maintainers would maintain the
minor release numbers only. This seems to make more sense; Ivan will do this.
Description of the release process text is copied in each repo. Heather to update it and
pull that back into one location so that we only have to change it in one place.
Next on the list for Ivan: Satosa and pySAML2
Fixing redirect binding and some options set in Satosa but which are configured in pySAML2
(how we handle sign_assertion, sign_response, sign_alg, digest_alg). This is the same
issue we’ve been talking to Martin about; this impacts eduTEAMS, SURF, and others.
Ivan will cut another release later this week with the fixes for above included. (This
will be edition to the release today that fixes xmlsec)
Another issue: https://github.com/IdentityPython/pysaml2/issues/592 do not properly check
the certificate as a result of some of the configuration options. Will be changing the
default values to require this checking; that may break some existing implementations.
Ivan will be investigating further. This more a misconfiguration than a security issue.
Reminder: we’ll have another call in a week; Daylight Saving Time skew will still be a
problem so check your calendars!
2111
days inactive
2111
days old
2 comments
3 participants
participants (3)
-
hlflanagan@sphericalcowgroup.com -
pcaskey@internet2.edu -
roland@catalogix.se