[Idpy-discuss] Notes: idpy developers call, 27 November 2018

Heather Flanagan hlflanagan at sphericalcowgroup.com
Tue Nov 27 14:51:03 UTC 2018


Attendees:
Christos, Johan L, Roland, Heather, Martin, Ivan, Rainer

Notes:
0. Agenda bash

1. Introductions (if needed)

2. Project review
- Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA)
Roland still waiting to hear from Ivan on creating a federation aware 
front end to satosa; they will discuss at a f2f meeting next week.

Many things are on the list. Ivan has been working on the configuration 
options, which have been intermixed with config options for pySAML. The 
way we specify how we want to sign an assertion is also messes up with 
the other options. Satosa should only dictate what values go to the 
configurations and pySAML should handle the encryptions. Ivan will roll 
out the small changes separately, then will later start deprecating the 
current options in Satosa and only use the pySAML options. Ivan will 
discuss this further with Johan.

After the options are sorted out, will work on logging (which will also 
impact pySAML - want to use the same logger, using the same format, 
throughout the whole stack).

Martin has an issue regarding creating a better, default/common template 
for direct user interfacing. This starts again through pySAML and how it 
handles exceptions; this needs to surface up to Satosa for 
interpretation, otherwise Satosa doesn’t actually know anything about 
this. Does Satosa actually need to handle the error, or can it just 
present a static  error page? Maybe. Rainer points out that SAML has an 
error URL in metadata; it shouldn’t be the responsibility for a 
transparent proxy to engage in user interactions. Ivan suggests that the 
error should be in a JSON format that can be presented to something else 
for handling (e.g., display or redirection, etc)

Instrumentation discussion: instrumentation is different than error 
handling; it is more like log handling. Ivan will probably define 
various stable things during execution (e.g., PID, statistics of system, 
request ID) and then provide more context as things are processed. The 
logging will (probably) be in JSON format. This is higher priority than 
error handling. If we go forward with structured logging, we have more 
options for monitoring the service.


- pySAML (https://github.com/IdentityPython/pysaml2)
PR 485 - may be able to do this in a more efficient way, but it works as 
is. Ivan will likely refactor in a future release. In particular, 
handling redirect binding request with Satosa.

Other small changes around general code quality, and updates on examples 
to make them work with Python 3. It is a big question about moving from 
Python 2 to Python 3 exclusively. Python 2 will no longer be updated 
past 2020 (see https://pythonclock.org). Would like to reach out to 
other projects using pySAML; there is something in GitHub 
(https://github.com/IdentityPython/pysaml2/network/dependents) that 
would help with this, but that list needs to be cleaned up. Can there be 
a deprecation warning that appears during pySAML upgrades? Not sure; 
Ivan will follow up. Alternatively, put a warning in the install log and 
have the install fail, redirecting the user to another package.

PR 556 and PR 548 and Issue 549 - name handling. Ivan will be going 
forward with this, but via a transition phase. Some changes will be made 
to make warnings surface.


- pyFF (https://github.com/IdentityPython/pyFF)
Martin opened two PRs for pyFF last week. Reloading metadata, and fixing 
the command line parser.
Leif is still working on splitting the pyFF code to separate the 
discovery component from the metadata handling component.
Still hoping that Leif moves away from CherryPi to flask.


- Governance docs (https://github.com/IdentityPython/Governance)
Had the first governance meetings. No hard decisions yet, but hopefully 
by the next meeting we will have decisions re: the CLA and the IPR home. 
Notes are in the mailing list archive 
(https://lists.sunet.se/pipermail/idpy-board/).


3. AOB
TIIME - Rainer has reserved a room for us.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sunet.se/pipermail/idpy-discuss/attachments/20181127/48e446a9/attachment.html>


More information about the Idpy-discuss mailing list