2012-01-12

Owned by ChadC
Last updated: Jan 24, 2012Version comment
2 min read

Shibboleth Developer's Meeting, January 12, 2012

Attendees: Scott Cantor, Jim Fox, Chad La Joie, Brent Putman, Rod Widdowson, Ian Young, Tom Zeller

Next Face-to-Face Meeting

  • no need to have a face-to-face meeting before we meet in April in DC

VT-LDAP SSL/TLS Issue

  • VT LDAP library does not verify the hostname against the certificate it receives for LDAPS
  • Per Sun/Oracle's docs, the JDK does not do hostname verification for protocols other than HTTPS because those specifications don't explicitly say to do so
  • Scott, Chad, Daniel talked about various options
  • Daniel will do an exact match implementation and may take code from the apache http components for wild card support and will do a new release with the fix
  • Chad will do an IdP 2.x release and security advisory once the new VT-LDAP lib is available

OpenSAML v3 Update

  • Brent has not done any significant work as he's been away for the holidays

Java Support Lib

  • a new library, built on top of Google Guava, containing the utility classes from the opensaml-util, IDP, and Metadata Aggregator projects
  • java-support is a new project in the utilities SVN repo
  • 1.0.0 release expected in 2-3 weeks

WiX Update

  • Scott and Rod may meet up to discuss this in March when they are co-located
  • Less of a concern for Java software because those products are more self-contained
  • Scott and Rod have been emailing back and forth about the use of WiX installers and the depths of how it operates
  • There are various ways in which WiX can operate when upgrading an install - some methods aren't great and will require a modest amount of work
  • Moonshot folks have asked Scott if we can generate merge-module installer
  • Merge modules do allow for cleaner bug fixes of dependent libraries but creating them is an effort
  • One thing to be investigated is whether MS MSI is going to be dumped?
  • AI Rod will ask about this when at MS next month
  • AI Rod will think about risk reduction in case installer doesn't work as expected
  • Rod will probably begin building a test installer either early Feb or early March
  • AI Rod will make some sensible estimates on how long the test installer will take

Release Engineering

  • Chad is document release process for Java products
  • Scott will document release for C++ products
  • We should designate a back-up build engineer for both Java and C++ products
    • Proposed Rod as backup for Scott and Brent as backup for Chad
  • Some C++ products have had false positives from virus checkers. Probably should have a clean VM to do release builds for C++ and Java products.
  • What VM product/format should we use? Everyone except Scott seems to have VMWare.

GoToMeeting Performance

  • Seems to work okay, couple people said they liked it better than current conferencing service
  • GoToMeeting had previously been a Java WebStart application which meant all it's executed code was pulled down from the web. Now it's a standalone desktop app so less of concern there.
  • When do meeting IDs change? Whenever a new event is scheduled. If an event is scheduled as reoccuring it will have the same ID (and thus the meeting initiation URL can be bookmarked) for each instance of the meeting

Next Meeting: January 26, 1600UTC