2020-06-19 Meeting notes

Mike Gorrell

No progress on actions from previous meeting: 

Open questions that Mike Gorrell will investigate:

1. Can the Security Project be setup so that new issues automatically set the Security Level to FOLIO Security Group?
2. Some issues appear to show Security Level but others don't. Investigate. Could be issue type (Epic vs Story vs Task vs Bug).
3. Clarify and/or propose how we set a security level that allows only those who might need to know (ie. the specific developers who might work on issues) 

Review open JIRA Security issues as a team.

Axel raised the issue around why we would need mod-login-saml - could we avoid creating/updating code that handles SSO (mod-login-saml uses pac4j) by leveraging NGINX or Apache plugins. Tod Olson has also asked about this. Allowing FOLIO to provide SSO capability and not relying on an independent technology allows sites - especially those that are managing multiple tenants, to manage the various SSO configs within a FOLIO context - in other words this is beneficial. Ryan raised the suggest that we might create a FOLIO module that encapsulates something like NGINX so that we can get the best of both worlds. Craig will create a spike to see how feasible this is... Axel and Ryan volunteered to help.

Reviewed list and signed priority where there was none. Also assigned teams and upcoming sprints to make sure issues will be reviewed by teams soon. Will review list again next week.