
inc-ops-notifications - Re: [InCommon NOTICE] Question about entity category for SPs that don't consume metadata

Subject: InCommon Operations Notifications

  • From: Nick Roy <>
  • To:
  • Subject: Re: [InCommon NOTICE] Question about entity category for SPs that don't consume metadata
  • Date: Thu, 16 Nov 2017 16:26:39 -0700

My apologies, this was intended for a different list.  Please disregard.

Nick

On 11/16/17 4:24 PM, Nick Roy wrote:
> A couple meetings ago, Scott requested that we look at adding an entity
> category that would be self-assertable by SPs that don't consume
> metadata.  That would enable people who need to do key rollover on their
> IdP to know which SPs to reach out to and work through the change
> management problem with.
>
> It occurs to me that we could do something like this:
>
> 1) Publish an IdP in metadata
> 2) Set its HTTP Redirect and HTTP POST endpoints to values X and Y on day 1
> 3) Initiate with that IdP with each SP in metadata, record results
> 4) On day 2, update that IdP's configuration and its metadata to change
> the endpoint locations
> 5) On day 4 (after having waited for metadata to propagate), repeat step
> (3), record results
> 6) Compare results from (3) with (5) and label SPs that did not respond
> to (3), or responded to (3) but not (5) as metadata non-refreshers
>
> Scott, it seems like you could do at least part of this with any
> existing IdP in metadata using a script.  Would that get you over the
> hump with your key rollover until ops could look at automating a check
> like this?
>
> Thanks,
>
> Nick
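
Step (6) of the procedure quoted above, sketched as an added example that is not part of the original message: it compares recorded results from the two probe rounds and labels SPs as metadata non-refreshers. The CSV log format, the entity IDs and the function names are constructed for illustration, and an SP with no record for a round is assumed to count as "did not respond".

```python
import csv
import io

# Constructed sample probe log (not real data): one row per SP per round.
# Round 1 is step (3) on day 1, round 2 is step (5) on day 4.
SAMPLE_LOG = """round,entity_id,responded
1,https://sp-a.example.org/shibboleth,yes
1,https://sp-b.example.org/shibboleth,yes
1,https://sp-c.example.org/shibboleth,no
2,https://sp-a.example.org/shibboleth,yes
2,https://sp-b.example.org/shibboleth,no
2,https://sp-c.example.org/shibboleth,yes
1,https://sp-d.example.org/shibboleth,yes
"""


def load_rounds(text):
    """Return {round_number: {entity_id: responded_bool}} from the CSV log."""
    rounds = {1: {}, 2: {}}
    for row in csv.DictReader(io.StringIO(text)):
        rnd = int(row["round"])
        if rnd not in rounds:
            raise ValueError(f"unexpected round {rnd}")
        responded = row["responded"].strip().lower() == "yes"
        rounds[rnd][row["entity_id"].strip()] = responded
    return rounds


def label_non_refreshers(rounds):
    """Apply step (6): map entity_id -> reason for every flagged SP."""
    first, second = rounds[1], rounds[2]
    flagged = {}
    for entity_id in sorted(set(first) | set(second)):
        # Assumption: a missing record for a round counts as no response.
        if not first.get(entity_id, False):
            flagged[entity_id] = "no response in step 3"
        elif not second.get(entity_id, False):
            flagged[entity_id] = "responded in step 3 but not step 5"
    return flagged


if __name__ == "__main__":
    results = label_non_refreshers(load_rounds(SAMPLE_LOG))
    for entity_id, reason in results.items():
        print(f"{entity_id}\t{reason}")
```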



