GDPR/Compliance Team Meeting - May 08, 2019
This meeting of the Joomla! Compliance Team has been held on May 08, 2019 at 16.30 CET on Glip.
In attendance: Achilleas Papageorgiou, Luca Marzo, Sandra Decoux, Roland Dalmulder, Sander Potjer, Alkaios Anagnostopoulos.
- Roland has been working, the past two weeks, on the SSO integration dealing with the reported issues, updating the RO SSO extension with more GUI features, updating SimpleSAMLphp and securing the final installation. All tasks can now be done via the GUI and we no longer need to do anything on the command line. This should make maintenance a lot easier.
- After security concerns coming from Michael Babker, Roland moved to composer packages.
- Roland updated the RO SSO that now has the feature to add service providers as well as identity providers. The service providers handling is a brand new feature. This is the place where we register new service providers. A cool side effect is that we have a list of all connected sites, so it is easy to see which ones are missing. These views also have a refresh button to reload the metadata from the given clients. In case a client is outdated we can refresh it that way.
- Roland the next days will work to add cronjob that refreshes the metadata at set intervals. Finally, Roland rewrote all the views to Twig because SimpleSAMLphp is moving to this with version 2.0 and is currently supporting Twig already. This ensures readiness for the 2.0 release of SimpleSAMLphp.
- Alkaios to review and propose changes to the cookie script in order to align policies with the already installation on the OSM property and also any previous decisions on that topic. Luca, Sandra and Achilleas to contribute on anywhere needed. The final update will shared with Sander to be applied to the Joomla.org Properties.
- Alkaios to create and share some demo scripts with Sander to test the way that the template works.
- Sander to proceed with the review of the Privacy Guidance for extensions that Achilleas shared.
- Luca to upload the presentation regarding the current status of the SSO and the next steps to The Joomla! Community Portal.
- The team discussed and re-evaluated some points regarding the user flows of the age consents collection and management. Two basic user groups existed, the community users and the OSM Members. There is a restriction in the Bylaws that restricts the opportunity of being elected as Officers or Department Coordinators to members who are 18 years old or older. Regarding the community users several issues regarding the great heterogeneous area of age consent worldwide was discussed (not limited to US and EU area only). Achilleas to prepare a document with the user consent steps with proposed functions to be reviewed and approved by the Board of Directors in order to proceed with the development.
Join the Compliance Team
The Joomla Compliance Team is looking for new volunteers.
Lawyers or people with legal/compliance background, GDPR/data protection experts and developers are more than welcome to join the team. Please get in touch with Achilleas Papageorgiou firstname.lastname@example.org
Next meeting will take place on May 15, 2019 at 16.30 CET on Glip.
Meeting ends after 105 minutes.