inc-ops-notifications - [InCommon NOTICE] Incident report: InCommon metadata validity window
Subject: InCommon Operations Notifications
List archive
- From: Johnny Lasker <>
- To: "" <>
- Subject: [InCommon NOTICE] Incident report: InCommon metadata validity window
- Date: Mon, 24 Feb 2025 23:16:47 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NC2ldupeA/V0ztnW/AlUtZm0k+1v6kcibxbL/kjQ/oI=; b=NAawOSCFOuD9XWxEQX1EB2eHdxM2nUbrDd7lOlDl/2MyN93yVdXlnqeJrjAJZnDgvZjb8ACXJ4sIinjhMcGR5eait09/GST78GtysKD7IE/vTTpDxzQAIN3kwU0Zb3R3iP3clEabt1twCVoEpiaHQAh1A+aGJZUckOa6jIxDLenZdOY9b8RvOX8dSYWaJU5mpbasPRkkMkFY7IFlKDnohKVUpNQvnE6i6r4MPZTma/7v1W2/fCynEVI73AtU6s7kZIxlVKp8Fjv6J3MUFUcOIQG23kimb7a8dML4hN0ymJqaILXpiKPguFQHK0vB7joKUnl0U5aEEkALulH98voF8w==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=EvwHF0OrZCTxQUUH8z+9X2sOMxTPRwPYKEFgQ6YlqMskBH9oThEunZ4aeO0WTF4r9EdEGigh1A1II32ImPQbZC4V9Mp4YulWre8S8HAglaK+YiKImHroH3A1rpAYbhRiGoWUnPH89GDt1RqKOquygoLxoHn0A0XF9TpWEWnAH8ieren7u4xzTfSF0vo79SD7/Of0up+HHJC7kzqL7W3WCNZtdE4ZxG6tslPWBO0p1xvysqtK9lMYYrvuDe+tjHaBI+AZuakw7n70cWvgTY+yb4JYGlQzBqP2E9kAUM58gQqM13S0N2tEMSfj09VdfW8ff1z2VlFEuYBvjsfUaciIJA==
|
Dear InCommon Site Administrators,
As part of InCommon’s commitment to transparency, we publish reports on security and non-security incidents which affect the operation of the InCommon federation. InCommon deployed an update to its MDA configuration on 02/3/25 which introduced a change to the metadata validity window, bumping it from 14 days to 21 days. For InCommon participants using metadata aggregates AND metadata configurations set to reject metadata with a maxValidityInterval greater than 14 days, on 02/17/25, after the file-backed metadata on their servers expired, service interruptions began. On-call support advised those affected to update their maxValidityInterval to 21 days or higher. Troubleshooting the change and potential remediation became the focus with outward messaging following. Operations worked together to update the legacy and MDQ aggregates to again use the 14 day validity window on 02/18/25. We worked to fix the issue as soon as we found out about it, and have provided a report on it on our Incident Handling wiki page: https://spaces.at.internet2.edu/x/1QDGCg.
If you have any questions or concerns, please feel free to send a note to .
Johnny Lasker Principal Service Integration Engineer Internet2 Trust & Identity Pronouns: he, him, his
|
- [InCommon NOTICE] Incident report: InCommon metadata validity window, Johnny Lasker, 02/24/2025
Archive powered by MHonArc 2.6.24.