Attendees:
Heather, Scott, Johan, Paul (I2), Ivan, Martin
Regrets:
Rainer, Roland
1. Project review
- Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA)
Expect a new release when the pySAML2 security bugs are fixed
- pySAML2 (https://github.com/IdentityPython/pysaml2)
Security fixes added by Ivan have broken some people's installations. Ivan will be working
on resolving that today.
Issues and changes discussed today:
https://github.com/IdentityPython/pysaml2/issues/578 - Don't hide xmlsec1 execution errors
https://github.com/IdentityPython/pysaml2/pull/583 - Check the xmlsec returncode
https://github.com/IdentityPython/pysaml2/pull/581 - Allow tests to pass after 2020
https://github.com/IdentityPython/pysaml2/issues/579 - Wrong signed AuthnRequest with redirect binding
https://github.com/IdentityPython/pysaml2/issues/586 - Please don't cache MDQ responses
(Note: in the long term, Scott would like to see pySAML support a sophisticated
metadata client, rather than having to rely on an external component. This would allow
the use of a Python stack with as few pieces as possible. This may also mean not removing
but instead fixing the cache.)
(Martin) Hashing of the sub and the bloat of the ID token - should the OIDC library enable
putting claims in the ID token (which would be difficult), or should we stick to the specs
and not put claims in the ID token and instead query the endpoint? Most OIDC libraries
out there put claims in the token, since that’s what Google does. Remember we’re replacing
the pyOP libraries with new ones written by Roland (possibly not in all cases, though).
- pyFF (https://github.com/IdentityPython/pyFF)
See email from Leif
2. TIIME planning
https://github.com/IdentityPython/Meetings/blob/master/TIIME-20190211 - may end
dev meeting early to have a board meeting
Ivan will be adding a few agenda items
How to add new members to the group (this will be both dev and board discussion)