Sorry for the delay in getting these out. Attendees: Johan W, Johan L, Shayna, Ivan, Roland, Matthew E. 0 - Agenda bash 1 - Project review a. General - b. OIDC libraries - https://github.com/IdentityPython (idpy-oidc, JWTConnect-Python-CryptoJWT, etc) - Roland has merged some existing MRs, including: - Comparing uris for auth and oidc RPs and clients - special handling defined for oauth native clients (application on a mobile phone or on a computer - not web application). https://github.com/IdentityPython/idpy-oidc/pull/107 - Pending MR about resource indicators which will be updated again. RFC defines how token that is generated through an openid flow will be used by a specific target. Work is finishing up on this. https://github.com/IdentityPython/idpy-oidc/pull/102 - The effect is that the token will have certain audience values that have been requested, but there are many cases where you need to apply policies about which client requests can access certain services, and this may also be combined with scopes, limiting what you can ask of a service. Audience policies - how you can specify how the relationship between a client, servives and scopes actually works. This is different from how you request a specific audience to become part of a token. There is no PR for this but there are discussions going on how it should be implemented. - idpy-oidc -native clients can request different schemes - the control is given back to the application rather than the browser. More policies and configurations for these kind of things are coming. - Roland has been working on wallets on his own fork of idpy-oidc and sending back updates. - new release for pyop - still in use but will be slowly deprecated. c. Satosa - https://github.com/IdentityPython/SATOSA - Ivan has been working on other projects - will be backporting things that were added for EOSC - will be merging things, creating smaller releases. - some work on pyop, anything easy on pysaml2 and satosa - PR-396 <https://github.com/IdentityPython/SATOSA/pull/396> is part of a series of PRs created by Sven Haardiek <https://github.com/shaardie> around ldap_attribute_store (395-398). Ivan will go ahead and merge all of them. 398 was trickier but Ivan will test and merge if it doesn't break anything. - Should create a ticket to add tests - going to go ahead and merge because they are an optional microservice. - Kristof wants his MR merged - support for path elements in the base url of satosa - will probably talk more about that. - Matthew's MR https://github.com/IdentityPython/SATOSA/pull/454 - maybe take this into account for AOB below. d. pySAML2 - https://github.com/IdentityPython/pysaml2 - In the same state as satosa above e. Any other project (pyFF, djangosaml2, pyMDOC-CBOR, etc) - pyff - Leif did a few merges. Work around trust info specification - working group around this and to rename it. https://github.com/IdentityPython/pyFF/pull/271 2 - AOB - Matthew previously talked about a POC for code style and github actions - he now has an intern that will be working on this - - would like to pick a relatively smaller library, maybe pysaml2, and provide a POC in a branch which will be reviewed in November so the intern can get feedback. Matthew had suggested Python black for code style, using pre-commit to do the checking, running out of github actions so that linting and tests would happen automatically on pull requests. - From Ivan: - We have some things already but they do not run automatically. So we have a basis but it can be extended. - On pysaml2 we have a few relevant MRs: - https://github.com/IdentityPython/pysaml2/pull/882 - https://github.com/IdentityPython/pysaml2/pull/816 - We also have a devs guide - https://github.com/IdentityPython/pysaml2/blob/master/DEVELOPERS.md - and linters configured: - https://github.com/IdentityPython/pysaml2/blob/master/pyproject.toml#L200-L… - Let's do this in a way so that it can be inherited by other projects. - Roland would like to find a new time for this call. - Shayna is sending a doodle poll.