Attendees:
Roland, Johan, Heather, Scott, Ivan, Matthew
Notes:
0 - Agenda bash
1 - Administrivia
• Board will have their annual meeting next week. Same board slate.
• Johan will be off for parental leave until August 2023
2 - Project review
a. General
b. OIDC - https://github.com/IdentityPython (JWTConnect-Python-OidcRP, JWTConnect-Python-CryptoJWT, etc.)
Roland has been working on documentation aimed at software developers. He has been working on the PRs in the OIDC libraries and has merged all but one. He has also started rebasing the fedservice fork so that a PR for the federation support work can be issued soon. This will be a major PR, but mostly in the lower-level code. It will bring eduTEAMS in sync with this library; at that point there will be no reason to keep separate software running for eduTEAMS.
The OIDC federation spec is getting closer to being finalized. There have been discussions with people running OIDC federations in the same way that SAML federations are run (one authority collecting the info). The difficulty is that one model (the OIDC federation spec) assumes end-to-end encryption, whereas the other assumes that encryption stops at the edge so that the organization can inspect the payload (required by regulation for banking). A compromise is being sought by allowing metadata collection from well-known endpoints; this involves separating the path from the trust model.
c. Satosa - https://github.com/IdentityPython/SATOSA
Ivan is preparing a new release, but nothing major. He is considering accepting one more PR (https://github.com/IdentityPython/SATOSA/pull/429) and then will cut the new release. See also
• https://github.com/IdentityPython/SATOSA/issues/428
• https://github.com/IdentityPython/SATOSA/pull/430
After this release, will move Satosa to using poetry and require Python 3.9.
d. pySAML2 - https://github.com/IdentityPython/pysaml2
The next release will raise the minimum Python requirement to 3.9 (see email to list).
Other major updates:
• https://github.com/IdentityPython/pysaml2/pull/888 (may need further discussion)
• https://github.com/IdentityPython/pysaml2/pull/895 (compatibility changes)
A user came back to an issue (submitted as a PR: https://github.com/IdentityPython/pysaml2/pull/665) about how operations are done with xmlsec1. This may need to be revisited. By default, pySAML2 uses the xmlsec1 binary. xmlsec1 works with files, so pySAML2 is always writing files to the file system, but Windows cannot automatically clean up those files; an external process has to clean them up. This is not fixable. For *nix systems there are automatic cleanups, but they are buggy. The person who submitted the issue offered a suggestion (code), but another option is to handle xmlsec1 differently and offer a different back end. If interested, please review and comment on the PR.
e. Any other project (pyFF, djangosaml2, etc)
3 - Documentation
See OIDC update
4 - AOB
Thanks! Heather