inc-ops-notifications - [InCommon NOTICE] Re: InCommon eduGAIN import ruleset change RESCHEDULED to March 7
Subject: InCommon Operations Notifications
List archive
[InCommon NOTICE] Re: InCommon eduGAIN import ruleset change RESCHEDULED to March 7
Chronological Thread
- From: Nick Roy <>
- To: "" <>
- Subject: [InCommon NOTICE] Re: InCommon eduGAIN import ruleset change RESCHEDULED to March 7
- Date: Wed, 7 Mar 2018 17:31:53 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:hRqPHhDTlxld6QtXqMiOUyQJP3N1i/DPJgcQr6AfoPdwSP36osmwAkXT6L1XgUPTWs2DsrQY07GQ6/iocFdDyK7JiGoFfp1IWk1NouQttCtkPvS4D1bmJuXhdS0wEZcKflZk+3amLRodQ56mNBXdrXKo8DEdBAj0OxZrKeTpAI7SiNm82/yv95HJbAhEmDSwbaluIBmqsA7cqtQYjYx+J6gr1xDHuGFIe+NYxWNpIVKcgRPx7dqu8ZBg7ipdpesv+9ZPXqvmcas4S6dYDCk9PGAu+MLrrxjDQhCR6XYaT24bjwBHAwnB7BH9Q5fxri73vfdz1SWGIcH7S60/VDK/5KlpVRDokj8KOT4n/m/Klsx+gqFVoBygpxNjzIDbb5qYNOZnfq/BYd8WWXZNUthXWidcAo28dYwPD+8ZMOhAronyu1gOpgaiCwmrBOLk1zhFhnns3a090+UsCgDG3Ao8H90QqnTUqsv6NLsMXeyv0qbH0CjDYupQ1Dzg5obIdRUhruuNXbJ2acfR1E8vGB/fglqOtIPlIimZ2f4Xs2SD4etvT+Kui2A9pw5soTij3twshZPGh4IUzVDE8z91wIAxJdGgSU57Z8KkH4VKtyGcKYR2Xt0uT3t2tykn170KoYS7fCkIyJQhxh7faeeHc5OW7RLnTuqRJzN4iGp4eLKxnBm961KsxfbmVsWszVlFsC5FksXNtnAK0Rzf8M6HSv9l8keu3jaPyRrf6uZBIUwsj6rUNZghzaQslpUJq0jMADL5mFjsgKCKcUUo4vKo6+P7bbn/oJ+cNo10igTgPaQhhMO/B/40Mg4KX2Wd5O+y16Xj8FXkTLlWgfA6iKbUvZLAKckVqaO1GRJZ3pgj5hqnEjur0doVkWMZIF9Fdh+LlYfkNl7ULPzlEfuzm1qsnyloyvzaO7DsB5XAI3vNkLrkfrtx9VVTxxQ2wN1e5p9ZD7AMLfLtVULwstHTEwU3PBauw+n9DdVwzoMeVnyLAq+eKK7cqUOF6OUzL+WRfYMYpTTyJ+Y86/7plnA2h0URfa603ZsLc3+4GelmI0OEbnb2mtcBC2AKvhYgQ+P2lF2CUDlTZ3CoU6I7+zE7FIamDYDERoCumrCOwCC7HphOamBHDFCDD2voep2ZV/sQZy+eOMBsnz4eWbWvRIItzwyiuBH6xrZ/K+rb4CwYtZbt1Nhv4O3TkAk/9TpuD8Sa02CAVGB0nmUURzAoxqB/p1Jyykud3aRinfNXCMFT6+tTUggmLZ7c0/B6C9fqVwLAeNeGVFGmQtCjATE2SNI92dgOY1xyG9m7jxDD2TalD6YSl7yTH5w466Tc33/tJ8Z8xXbG1bUugEM6QstOMm2mgLV/+hPXB47IiEWZi72qeboG0C7M8meD0XSBvFteUAFuTaXJQ2oTaVXLotTktQv+SOrkCLIsdwxZ0ouELbdLZNzihElHQ/H4ENXYaGW0nmC2QxGSyfnEOIvscCAaxD6YDk8Ykg4S9n+aNA84HQ+gpWnZCTlpExToeUy6osdkr3buaE4/zEmwaFwpg7yv/Q89hPqARukV065e/iottmMnTx6Gw9vKBo/Y9EJad6JGbIZl7Q==
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
This change is now in place. Please let me know if you have any issues
consuming the updated metadata. If you follow the daily diffs, you will
see a large change today due to a refactoring of namespaces in the
metadata. This resulted in an approximately 1MB reduction in size of the
main aggregate.
As a reminder, the Interfederation Technical Policy, which describes the
rules we use for the import of eduGAIN metadata into InCommon, is kept
up-to-date at: https://spaces.internet2.edu/x/TgCNBQ. You will also find
a link to the daily import logs on that page, which will tell you what
entities were filtered on import, by what rules.
Best regards,
Nick Roy
Director of Technology and Strategy, InCommon / Internet2 Trust and
Identity Services
On 2/26/18 1:13 PM, Nick Roy wrote:
> Due to the impact of retiring the legacy metadata download endpoint,
> which will affect sites on February 27, we are re-scheduling the change
> of our eduGAIN import ruleset to the following week, Wednesday, March 7th.
>
> Best regards,
>
> Nick Roy
> Director of Technology and Strategy, InCommon / Internet2 Trust and
> Identity Services
>
> On 2/22/18 1:20 PM, Nick Roy wrote:
>> Hello,
>>
>> On February 28, InCommon will release version 8 of its eduGAIN import
>> ruleset [1].
>>
>> This ruleset allows us to remove our ban on the importation of regular
>> expression scopes in metadata, but imposes some validity checks on
>> scopes to try to limit security exposure from malformed, overly-broad or
>> otherwise problematic scopes (regular expression or otherwise). Within
>> the next few days, we will publish our updated edugain import policy
>> rules at [2]. I encourage you to take a look at those rules both now and
>> after they are updated (you can add a 'watch' to the page to see when it
>> changes) and let me know if you have any comments. That page also
>> contains links to our daily metadata filtering reports, which you can
>> also examine.
>>
>> The following is a summary of expected changes to imported metadata that
>> will take place on February 28. We have also provided a detailed report
>> (attached), which includes details of the issues affecting these
>> filtered entity descriptors.
>>
>> Entity descriptors which will not be imported starting on February 28th:
>>
>> Issues with invalid, overly-broad or non-public-domain scopes:
>> https://id-dev.unc.edu.ar/idp/shibboleth
>> https://sso.saxion.nl/opensso
>> http://sts.deltion.nl/adfs/services/trust
>> http://sts.roc-nijmegen.nl/adfs/services/trust
>> http://fed.rijnijssel.nl/adfs/services/trust
>> https://cafe.ufba.br/idp/shibboleth
>> https://birk.wayf.dk/birk.php/wayf.aau.dk
>> https://idp.renata.edu.co/idp/shibboleth
>> https://idp.trc.gov.om/idp/shibboleth
>>
>> Issues with ACS, SSO or SLO endpoints that do not use TLS:
>> urn:mace:feide.no:services:no.inspera.assessment.dev
>>
>> RequstedAttribute lacks a NameFormat attribute:
>> https://elixir.mf.uni-lj.si/sp/201506181025
>> https://elixir.mf.uni-lj.si/sp/20150622
>>
>> [1] https://github.internet2.edu/InCommon/inc-meta/releases/tag/incommon-v8
>> [2] https://spaces.internet2.edu/x/TgCNBQ
>>
>> Thank you and best regards,
>>
>> Nick Roy
>> Director of Technology and Strategy, InCommon / Internet2 Trust and
>> Identity Services
>
- [InCommon NOTICE] Re: InCommon eduGAIN import ruleset change RESCHEDULED to March 7, Nick Roy, 03/07/2018
Archive powered by MHonArc 2.6.19.