InCommon Operations Notifications

[Thomas Scavo <>]

We have incomplete evidence at this time, so what I'm about to say is a 
working hypothesis only.

Earlier this week, an eduGAIN participant organization (CAF) introduced bad 
characters into entity metadata, which exercised a latent bug in the metadata 
aggregation tool (pyFF) that eduGAIN operations uses to verify and sign 
metadata. Consequently, on Monday, March 21, eduGAIN published an aggregate 
with a faulty signature that the InCommon metadata signing process did not 
properly handle.

eduGAIN operations has already taken steps to prevent the publication of an 
aggregate with a bad signature. InCommon operations is still considering its 
options. I will provide another update when I have more details.

Tom

________________________________________
From: Thomas Scavo
Sent: Monday, March 21, 2016 7:52 PM
To: 

Cc: InCommon Administration
Subject: metadata was NOT published today!

For some unknown reason, the metadata signing process did not run to 
completion today. Consequently, a new metadata file was not published to the 
server. To compensate, we are planning to sign metadata twice tomorrow, once 
in the morning and once in the afternoon.

The metadata currently on the server was signed and published last Friday, 
March 18. Today’s metadata updates will be published tomorrow (Tuesday) 
morning at approximately 9:00 am ET. We will then sign and publish metadata 
again at the usual time, between 2:30 and 3:30 pm ET.

No metadata has been lost or compromised. Once we know why today’s metadata 
signing process failed, we will follow up with details.

I apologize for any inconvenience this may have caused. If you have questions 
or concerns, please contact us at 


Tom Scavo
Operations Manager
InCommon.org