InCommon Operations Notifications

[John Krienke <>]

Testing has been completed. We're now signing the production metadata with the 
XMLSecTool.

Send any final questions our way via 


john.



On 9/12/10 11:13 PM, John Krienke wrote:
> Hi all,
>
> We're delaying the signing tool upgrade for one week, until September 22nd, to
> continue testing for a couple of reasons.
> 1. A few Site Admins asked for additional time to test. We'd like to honor 
> that
> request, especially since the window is for a non-critical enhancement.
> 2. We discovered that XMLSecTool validates IdP XML in a slightly different
> manner, leaving out regexp="false" related to the Shibboleth scope extension.
> Because of this, we've reconfigured our system so that IdP metadata will /not/
> be changed by the use of the new XMLSecTool. You'll see that the test metadata
> we are generating now includes regexp="false" for all scopes, as in the
> production metadata.
> http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
>
> See this page for details on the scope extension:
> https://spaces.internet2.edu/display/SHIB2/MetadataCorrectness#MetadataCorrectness-ScopesandDefaultAttributeValues
>
>
> If you run an IdP, we encourage you to test the test metadata (url above) 
> before
> Sept 22nd.
>
> john.
>
>
> On 9/7/10 4:40 PM, John Krienke wrote:
> > All,
> >
> > InCommon federation operations is changing the tool we sign the metadata with.
> > To follow our metadata change management policy of notification and 
> > testing[1],
> > we're announcing a week of tests with the new tool, starting today. We'll 
> > switch
> > over and sign the production metadata with the new tool on Wednesday, 
> > September
> > 15th. Please test locally with the test metadata file available here:
> > http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
> >
> > This will not require any modifications to SP or IdP implementations. The 
> > change
> > is internal to our Federation signing operation, and since it affects the way 
> > we
> > issue metadata, we're committed to making sure you know about the change and 
> > can
> > test its results.
> >
> > ================
> > Further Detail:
> > The current tool we use -- metadatatool[2]-- is operating just fine but is
> > getting "long in the tooth" since it was bundled with Shib 1.3 and support for
> > Shib 1.3 ended in June[3]. We're upgrading to use the XMLSecTool[4]. One
> > difference between the two tools: Normalization of XML is handled differently.
> >
> > Optionally, feel free to join the metadata-diff email list to receive the test
> > metadata update notifications and DIFF comparisons[5].
> > ================
> >
> > Send comments or questions to the team at 
> >
> >
> >
> > john.
> >
> > [1]
> > https://spaces.internet2.edu/display/InCCollaborate/Metadata+Change+Management
> > [2] https://spaces.internet2.edu/display/SHIB/IdPRelyingConfig
> > [3]
> > https://lists.internet2.edu/sympa/arc/shibboleth-announce/2009-02/msg00000.html
> > [4] https://spaces.internet2.edu/display/SHIB2/XmlSecTool
> > [5] http://www.incommonfederation.org/contacts.cfm also
> > https://lists.incommon.org/sympa/arc/metadata-diff