Skip to Content.
Sympa Menu

inc-ops-notifications - [InCommon NOTICE] Re: metadata was NOT published today!

Subject: InCommon Operations Notifications

List archive

[InCommon NOTICE] Re: metadata was NOT published today!


Chronological Thread 
  • From: Thomas Scavo <>
  • To: "" <>
  • Cc: InCommon Administration <>
  • Subject: [InCommon NOTICE] Re: metadata was NOT published today!
  • Date: Thu, 24 Mar 2016 13:46:58 +0000
  • Accept-language: en-US
  • Authentication-results: incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=none action=none header.from=internet2.edu;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23

We have incomplete evidence at this time, so what I'm about to say is a
working hypothesis only.

Earlier this week, an eduGAIN participant organization (CAF) introduced bad
characters into entity metadata, which exercised a latent bug in the metadata
aggregation tool (pyFF) that eduGAIN operations uses to verify and sign
metadata. Consequently, on Monday, March 21, eduGAIN published an aggregate
with a faulty signature that the InCommon metadata signing process did not
properly handle.

eduGAIN operations has already taken steps to prevent the publication of an
aggregate with a bad signature. InCommon operations is still considering its
options. I will provide another update when I have more details.

Tom

________________________________________
From: Thomas Scavo
Sent: Monday, March 21, 2016 7:52 PM
To:

Cc: InCommon Administration
Subject: metadata was NOT published today!

For some unknown reason, the metadata signing process did not run to
completion today. Consequently, a new metadata file was not published to the
server. To compensate, we are planning to sign metadata twice tomorrow, once
in the morning and once in the afternoon.

The metadata currently on the server was signed and published last Friday,
March 18. Today’s metadata updates will be published tomorrow (Tuesday)
morning at approximately 9:00 am ET. We will then sign and publish metadata
again at the usual time, between 2:30 and 3:30 pm ET.

No metadata has been lost or compromised. Once we know why today’s metadata
signing process failed, we will follow up with details.

I apologize for any inconvenience this may have caused. If you have questions
or concerns, please contact us at


Tom Scavo
Operations Manager
InCommon.org


Archive powered by MHonArc 2.6.16.

Top of Page