inc-ops-notifications - [InCommon NOTICE] validating the domains in metadata
Subject: InCommon Operations Notifications
List archive
- From: Thomas Scavo <>
- To: "" <>
- Subject: [InCommon NOTICE] validating the domains in metadata
- Date: Fri, 7 Apr 2017 13:41:25 +0000
- Accept-language: en-US
- Authentication-results: incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=none action=none header.from=internet2.edu;
- Ironport-phdr: 9a23:dgi1qh1KRfmsdRACsmDT+DRfVm0co7zxezQtwd8ZseMWKfad9pjvdHbS+e9qxAeQG96KtbQc1aGI6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhTexe69+IRS5oQjQqsUdnJdvJLs2xhbVuHVDZv5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnMURGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LptRRT1iikIKiQ5/XnXhMJukaxbvByvqR9+w4HIb4+aO+Fzfr/Efd8GWWZNQtpdWixHD4ihb4UPFe0BPeNAoofjp1sOqh6+ChO3BOjy1zFHmmX53bM90+88FgzGwBYgH8kSv3vOstX1M7wfUeGzzKnU0zrDdfVW1inh6ITWaBwuv+yDXa9pfMfX1EIhFBvFg02NpYD5MD6ZzOsAvmqB4+dvSO6jkXMrpxx+rzS328shiovEipgVx13F7yl13ok4KcOiREJmfdKoDZ1dvDyAOYRsWMMtWWRotT46yrIYvZ67ezAHxow7yhDYd/CKfZGE7BzkWuufODt4g2lqd6ylixa17Eig1vbzVs6p0FZMsyVJiMHMtmoK1xzP9MeIVud9/kam2TaJzQzT7fxEIVwwlarcLJ4hwaQ8mYYUsUTGBiP2mUP2g7GKdkg85+Sk9+vqbq/pq5KeLYN5hRzyPr4zlsCiDuk0Kg0OUHKa+eS42r3j50r5QLBSg/0qiKnZq4zVKt4Fpq6+GAJV04Aj6wqhADe81tQXg2UHIExfdB2ZkofpJknCIOrkAvenn1SsjDBryujHPr3nHprNKX3DkLLmfbZ78UJczxAzzd9G65JVDLEOPOv/WkjptNzDFxM5NQu0w/rmCNVz14MRRXiAArOYMKPVt1+I/fkiI+2NZI8OpDb9MOYp6+TvjX8/hV8SY7Op3Z0JZ3CkAPhqOVuWbmfxgoRJLWBf9As4R6ntkEbHVzlPZnizVKsg5zY9E6qnC4zEQ4WqhvqGxijxVslXYGsDDUiXVHHva4SKWvwFdCOVJNRJkzoPUr2kTIln0guh4lzU0b1ie9bU/SgRrtrY39Fr4KWHiQsp/jVqCOyc1X2AVWd5gjlOSjMrivMs6Xdhw0uOhPAry8dTEsZesqtE
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
You are receiving this message because you are an InCommon Site Administrator
(or are otherwise subscribed to this mailing list). This message is FYI only.
Beginning on Monday, April 10, the InCommon Registration Authority (RA) will
no longer validate the domains in the endpoint locations in registered
metadata. The RA will continue to validate the domain in the entityID in both
SP and IdP metadata, as well as the Scope in IdP metadata, but the domains in
the endpoint locations will no longer be checked by the RA. This includes the
domains in the endpoint locations in both SP and IdP metadata.
This new policy will have the greatest effect on the owners of SP metadata.
Until now, the use of “foreign domains” in SP endpoint locations required a
difficult and sometimes lengthy validation process. After consultation with
both the Ops Advisory Group and the Technical Advisory Committee, it was
determined that the existing process provides no security benefit to InCommon
participants and therefore the process can be safely eliminated.
If you have concerns or questions about this new policy, please contact us at
Tom Scavo
For the InCommon RA
- [InCommon NOTICE] validating the domains in metadata, Thomas Scavo, 04/07/2017
Archive powered by MHonArc 2.6.19.