Page tree
Skip to end of metadata
Go to start of metadata

Developer Call Notes - April 7, 2011

Attendees: Chris Bongaarts, Scott Cantor, Daniel Fisher, Nate Klingenstein, Chad La Joie, Rod Widdowson, Tom Zeller

IdP v2.3 Update: Chad La Joie

  • most bugs closed out
  • two remaining signature issues to be closed out: JOST-150 and SIDP-478
  • a few other small, quick bug/tasks to close out as well

IdP v3.0 Update: Chad La Joie

  • Attribute Resolver and Filtering Engine
    • working copies checked in
    • architecture documentation to up be updated/written next week
    • outstanding issue with the attribute resolver: Plugin conditions currently use Spring expressions which ties the resolver to Spring. Chad investigating use of Java Unified Expression Language instead.
  • Chad did some more evaluation work with Spring WebFlow, in particular it's conversation mechanism. All the tests looked good, he feels there is a good chance this can be used in IdPv3 to build up the profile handlers.

MDA v0.5: Chad La Joie

  • Metadata Aggregator v0.5 developer preview release announced on dev list

Testing Frameworks and Methods in OpenSAMLv3, IdPv3, MDA, etc.: Chad La Joie, Rod Widdowson

  • v2 code uses JUnit 3 and XMLUnit (for XML document comparison)
  • Rod and Brent are discussing whether XMLUnit is really doing what it should be when performing comparisons
  • New v3 code is moving to TestNG
  • XMLUnit could be used with TestNG as well, Brent will look in to this further

Use of Hudson/Jenkins Continuous Integration Servers : Daniel Fisher

  • Daniel asked if the Shib project had considered using Hudson/Jenkins?
  • Yes, we have but to date, our current development model doesn't really necessitate, nor would it benefit much from, the use of such a service. So, for now, we're not using it.

Updates from IETF: Scott Cantor

  • Moonshot Updates
    • Moonshot has made significant progress over the last few weeks
    • Use of SAML may change over time
    • Most applications that support GSS/SASL are able to accept new mechanisms fairly easily
      • there had been significant concerns that this might not be the case
      • Cyrus SASL needs to get GSSv2 support before it can accept new mechanisms easily
    • Scott is looking to get support for his new channel binding work on to the Shib roadmap
    • Scott is looking to get Holder of Key support in to the SP sooner rather than later
  • DANE
    • The DANE project is focused on putting key/certs in DNS
    • One camp within the project views this as a way of indicating which CA a services end entity certificate should be rooted in (to prevent use of certs improperly issued from other CAs)
    • The other camp views this is a more SAML metadata-like way of binding end-entity certs to a service
    • This work, if it gains acceptance, may impact the way in which the Shib software looks up entity certs

xmlsectool Packaged as an RPM

  • xmlsectool identified as a good first candidate for packaging up Java code as RPMs
  • Peter Schober has provided an RPM spec file
  • Scott will look in to this more in the coming weeks

Tom Zeller's Dev List Email

  • Scott commented that a lot of the work that fueled the initial Shibboleth development was the failure of various federated LDAP projects, in particular the inability to put in place good release policies
  • this is X.500 all over again
  • the Australian people picker, often held up as an example of this type of service, failed
  • email addresses, as a personal identifier used to look up user data across systems, is the winning method currently but has obvious privacy implications
  • the underlying question that really needs to be answered is "Is the ability to enumerate all of a particular type of data object (e.g., person record, group record) behavior that should be expected within a federation or is the lack of such a feature one of the tradeoffs in moving to a federated model?"

Embedded DS Packaging

  • Scott has requested feedback on how the Embedded DS will be packaged as an RPM; no real feedback from sysadmins yet
  • CSS will be removed from the minification process

Next Call:
May 5th, 1500UTC

  • No labels