[Idpy-discuss] Notes: idpy developers call, 27 November 2018
hlflanagan at sphericalcowgroup.com
Tue Nov 27 14:51:03 UTC 2018
Christos, Johan L, Roland, Heather, Martin, Ivan, Rainer
0. Agenda bash
1. Introductions (if needed)
2. Project review
- Satosa (Satosa PRs - https://github.com/IdentityPython/SATOSA)
Roland still waiting to hear from Ivan on creating a federation aware
front end to satosa; they will discuss at a f2f meeting next week.
Many things are on the list. Ivan has been working on the configuration
options, which have been intermixed with config options for pySAML. The
way we specify how we want to sign an assertion is also messes up with
the other options. Satosa should only dictate what values go to the
configurations and pySAML should handle the encryptions. Ivan will roll
out the small changes separately, then will later start deprecating the
current options in Satosa and only use the pySAML options. Ivan will
discuss this further with Johan.
After the options are sorted out, will work on logging (which will also
impact pySAML - want to use the same logger, using the same format,
throughout the whole stack).
Martin has an issue regarding creating a better, default/common template
for direct user interfacing. This starts again through pySAML and how it
handles exceptions; this needs to surface up to Satosa for
interpretation, otherwise Satosa doesn’t actually know anything about
this. Does Satosa actually need to handle the error, or can it just
present a static error page? Maybe. Rainer points out that SAML has an
error URL in metadata; it shouldn’t be the responsibility for a
transparent proxy to engage in user interactions. Ivan suggests that the
error should be in a JSON format that can be presented to something else
for handling (e.g., display or redirection, etc)
Instrumentation discussion: instrumentation is different than error
handling; it is more like log handling. Ivan will probably define
various stable things during execution (e.g., PID, statistics of system,
request ID) and then provide more context as things are processed. The
logging will (probably) be in JSON format. This is higher priority than
error handling. If we go forward with structured logging, we have more
options for monitoring the service.
- pySAML (https://github.com/IdentityPython/pysaml2)
PR 485 - may be able to do this in a more efficient way, but it works as
is. Ivan will likely refactor in a future release. In particular,
handling redirect binding request with Satosa.
Other small changes around general code quality, and updates on examples
to make them work with Python 3. It is a big question about moving from
Python 2 to Python 3 exclusively. Python 2 will no longer be updated
past 2020 (see https://pythonclock.org). Would like to reach out to
other projects using pySAML; there is something in GitHub
would help with this, but that list needs to be cleaned up. Can there be
a deprecation warning that appears during pySAML upgrades? Not sure;
Ivan will follow up. Alternatively, put a warning in the install log and
have the install fail, redirecting the user to another package.
PR 556 and PR 548 and Issue 549 - name handling. Ivan will be going
forward with this, but via a transition phase. Some changes will be made
to make warnings surface.
- pyFF (https://github.com/IdentityPython/pyFF)
Martin opened two PRs for pyFF last week. Reloading metadata, and fixing
the command line parser.
Leif is still working on splitting the pyFF code to separate the
discovery component from the metadata handling component.
Still hoping that Leif moves away from CherryPi to flask.
- Governance docs (https://github.com/IdentityPython/Governance)
Had the first governance meetings. No hard decisions yet, but hopefully
by the next meeting we will have decisions re: the CLA and the IPR home.
Notes are in the mailing list archive
TIIME - Rainer has reserved a room for us.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Idpy-discuss