InCommon Operations Notifications

[John Krienke <>]

The InCommon Metadata Signing Cert EXPIRES JUNE 21st.

The new cert is available for 1 week of testing in the following location.
https://wayf.incommonfederation.org/bridge/certs/incommon-test.pem

After one week of testing, it will replace the expiring cert in the production 
location:
https://wayf.incommonfederation.org/bridge/certs/incommon.pem

At that time, the expiring cert will be moved to the following location:
https://wayf.incommonfederation.org/bridge/certs/incommon-exp_2010-06-21.pem

-------------------
WHAT YOU SHOULD DO
-------------------

Download the new cert at the test link above. If the cert validates both the 
Current and Test Metadata, then start using the New cert right away.

------------------
1 WEEK OF TESTING
------------------

Testing will occur from Tuesday MAY 25th through Tuesday JUNE 1st.
* The current (expiring in June) metadata signing Cert will be available in the 
production location.
          o Production Location: 
https://wayf.incommonfederation.org/bridge/certs/incommon.pem
* We will publish metadata signed by old and new certs:
* Metadata locations:
          o http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
          o 
http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
* We will produce a prod-test diff between the metadata files and post it to the 
metadata-diff email list and archive
* We will also test with a very old, already-expired cert with the same key 
(March 2005), validating the test Metadata, in order to forecast problems that 
may occur. None are expected as we had no problems with certificate renewal 2 
years ago. We've already successfully tested with our Internet2 IdP and found no 
problems with validating the metadata.

- InCommon Operations.