None

1) sigver refactor to have a xmlsec wrapper or a python native library to: a) disable weaks algorithms https://github.com/IdentityPython/pysaml2/pull/628 <https://github.com/IdentityPython/pysaml2/pull/628> b) stop making I/O disk, create new files or do system call to get xmlsec works https://github.com/IdentityPython/pysaml2/pull/634 <https://github.com/IdentityPython/pysaml2/pull/634> c) implement/fix some other issues/features related to this Ivan: What is here can be merged, but more needs to be done. Pepe: Is there a right moment to let the use choose which tool they want to use to do this kind of task? Ivan: there are two backends now, one that directly calls the xmlsec1 binary. The other is pyxmlsecurity ( https://github.com/IdentityPython/pyXMLSecurity <https://github.com/IdentityPython/pyXMLSecurity>), which is built through idpy, and while it does lack some things, basic support for most common operations are there. It also supports all the py11 stuff. We could extend it to support more things. Ivan: need to support https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/sigver.py#L… <https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/sigver.py#L644> 2) Encrypt Assertion if SP have encrytion keys into its metadata (as Shibboleth already does). I'll have to dug into code to make a proposal, if there come some suggestions: I'll appreciate. Multiple options to configure this behavior. This must be an explicit options; just because you have an encryption key doesn’t mean you want it to always be used. See https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/config.py#L… <https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/config.py#L36> See https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/config.py#L… <https://github.com/IdentityPython/pysaml2/blob/master/src/saml2/config.py#L104-L106> b. Satosa - https://github.com/IdentityPython/SATOSA <https://github.com/IdentityPython/SATOSA>