2012-06-28

Shibboleth Developer's Meeting, June 28, 2012

Attendees: Rod Widdowson, Ian Young, Scott Cantor, Jim Fox, Tom Zeller, Paul Hethmon, Nate Klingenstein, Daniel Fisher

Agenda

Infrastructure Update

Currently Migrated
  • LDAP, IdP, Nexus
  • nexus on new hostname
Weekend Outage Post-mortem
  • IdP and SVN became inaccessible
    • Problem was bad OpenLDAP ACL
  • MX records disappeared
    • bug in GoDaddy UI triggered by adding A records and adjusting TTL of MX records
Upcoming Migrations
  • IdP to new hostname
    • all set up and metadata changed - just using a temp file for our SPs at the moment
    • just waiting for A record change
  • Website
    • Everything copied over and deployment script working
    • Just waiting for A record change
  • Mailing list
    • prelim work has been done
    • just need to adjust mail configuration
    • waiting to hear back from Scott L (Uni Edinburgh mail manager)
    • need to think about anti-spam setup - probably need to do this
  • Confluence
    • alternative 1: move things as is and upgrade to 3.5
    • alternative 2: upgrade to 4.1 - requires transitioning through some intermediate version
    • looks like alternative 2 should work, we'll try that and check in in two weeks
    • we're about at the EOL of 3.x release cycle
    • 4.1 editor isn't nearly as bad as we feared
    • new markup is based on xhtml - should help if we ever need to move off
  • Jira
    • way behind on upgrades
    • Jim may have plugin for latest Jira

OpenSAML Update

  • Brent on holiday until July 10th
  • Working on new SAML encoders and decoders
  • Basic functionality is complete
  • Some additional refactoring to make full use of the new APIs remains
  • Need to determine remaining set of work

IdP Update

v2.3.7
  • completed and staged
  • Rod generating MSI tomorrow or Saturday
  • Will be announced on Monday
Async SLO
  • SLO protocol extension that indicates the IdP doesn't need to respond to the SP
  • Guarantees the IdP owns the UI and provides more freedom in processing the SLO request
  • Work started in OASIS, should have a draft spec by next SSTC meeting in two weeks
  • Extension for IdP v2 that only destroys the IdP session
    • see how much work it would be to fire off back-channel request
v3
  • Chad: hashing through authentication APIs, main focus on method selection
  • Tom: getting up to speed on web flow
  • Tom: working on project module that will generate the IdP WAR file

SP Update

Work Left on 2.5
  • Work is mostly complete and people have been testing the installer
  • Installer seems to be in good shape - updating seems to work as well
    • no upgrade support from existing SPs - will just require an uninstall and new install
    • we think we can release patches for dependencies as well (e.g., openssl)
  • Optional Items:
    • Async SLO support
    • Something in the metadata generator to populate algorithm strings
      • existing runtime algo selection support in the SP should make this relatively easy
    • Close out some existing bugs after more testing
  • Release
    • another beta in two weeks
    • need to release update of Santuario library
    • final release at end of July
Red Hat 5 is going to be supported until 2017: implications?
  • some libraries are already really old and contain bugs (e.g., libcurl DNS caching bug)
  • Scott uncomfortable depending on these older libs - we have ability to override libs with new releases
  • SP 2.5 might use new libs - Scott will raise this on the dev list

Project Roadmap

Additional items
  • nexus PGP signature checking plugin
  • Jira remote user authentication plugin
  • Tiqr Review
  • Rescope MDA 1.0 to exclude web service interface
  • Committers should send any additional items to the committers list so we can get them on the roadmap
Prioritization
  • no guidance from existing board
  • new board in place in August so we should be prepared to offer our opinion at the first meeting
  • some problem in translating Internet2 assumptions to statements to the board
  • major concerns about time we're spending on the infrastructure
  • need to have a better plan for IdPv3 especially expected release timeframe
  • Scott will send a note to the committers list outlining what information he needs to prepare a proposal to the new board

Connection Information

Time: 15:30 UTC

Meeting ID: 534-352-638

Web URL: https://www3.gotomeeting.com/join/534352638

Dial-in Phone Numbers
Australia: +61 2 8355 1040
Austria: +43 (0) 7 2088 1400
Belgium: +32 (0) 92 98 0592
Canada: +1 (416) 900-1165
Denmark: +45 (0) 69 91 88 62
Finland: +358 (0) 942 41 5778
France: +33 (0) 182 880 456
Germany: +49 (0) 811 8899 6975
Ireland: +353 (0) 14 845 976
Italy: +39 0 247 92 12 39
Netherlands: +31 (0) 208 080 379
New Zealand: +64 (0) 4 974 7215
Norway: +47 21 03 58 96
Spain: +34 911 82 9782
Sweden: +46 (0) 313 613 558
Switzerland: +41 (0) 225 3314 51
United Kingdom: +44 (0) 203 535 0621
United States: +1 (786) 358-5410