InCommon Metadata Diff List

[InCommon Operations <>]

The following diff compares the current production metadata with the
previously issued version of the production metadata.  It is also at
https://wayf.incommonfederation.org/metadata-diff/prod-prod/prod-prod-1592579458-validUntil.2020-07-03T14.58.07Z.diff

diff --git a/InCommon-metadata.xml b/InCommon-metadata.xml
index bcc5c55..ac55991 100644
--- a/InCommon-metadata.xml
+++ b/InCommon-metadata.xml
@@ -1,8 +1,8 @@
-<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor 
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:icmd="http://id.incommon.org/metadata"; 
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" 
xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" 
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" 
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" 
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" 
xmlns:remd="http://refeds.org/metadata"; 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; ID="INC20200618T185131" 
Name="urn:mace:incommon" validUntil="2020-07-02T18:51:31Z"><Signature 
xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
 Algorithm="http://www.w3.org/2001/10/
 xml-exc-c14n#"/><SignatureMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference 
URI="#INC20200618T185131"><Transforms><Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod
 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>DO4EYOIwpjpfMM8kcfInsM/RdgdB8SahZEWqNsXkN8A=</DigestValue></Reference></SignedInfo><SignatureValue>MjyU3qDpyiPKIz8tcvjLKriYUqw9FD4TjPuldrZA1eiWcJZ8Pl1vUhWOhlKRmiSEqyrET42pmmvf
-b2VvtQDxwBGbPsMn7UrSgGwKWFhDrU7fqW9qJnUF9F3PYP3TwN1Lc5ObD2kuAoHxJUm4jXVRcf/c
-qMpAVDUyb311B+6DHU+vH8mPuJD8mlknnDtlxHXWm///IWLWBzUN9N0qkaT9rJC9dauqk79qWrjj
-y1bwOLk865iKWwOUIoeEMSlDVX9yEB44BpMuHf/TxTwEzCfgYS+uIjkgCY1TD9ud5MnZsFEdyUQF
-XJqtZx4sIUDFUoubht40fvxsrLwvjdrvZR5oxw==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUw
+<?xml version="1.0" encoding="UTF-8"?><EntitiesDescriptor 
xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"; 
xmlns:icmd="http://id.incommon.org/metadata"; 
xmlns:idpdisc="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" 
xmlns:init="urn:oasis:names:tc:SAML:profiles:SSO:request-init" 
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute" 
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" 
xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" 
xmlns:remd="http://refeds.org/metadata"; 
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" 
xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" 
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; ID="INC20200619T145807" 
Name="urn:mace:incommon" validUntil="2020-07-03T14:58:07Z"><Signature 
xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMethod
 Algorithm="http://www.w3.org/2001/10/
 xml-exc-c14n#"/><SignatureMethod 
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/><Reference 
URI="#INC20200619T145807"><Transforms><Transform 
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><Transform 
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></Transforms><DigestMethod
 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><DigestValue>kVBSkW09NcNKPqxTzHJfQ8Bhwm7xC7HMgjPObs1BRG0=</DigestValue></Reference></SignedInfo><SignatureValue>tuZwjx2yOH26oxdiZqVrfYxTLWx9H3SVkzELu/e69co/zFSqrKGPvy3r9EZqAB9Lec3R22qB/gc4
+FtSMo1qW2+tQ3R8FmrhOfUPjIa/3xoN6U9bYIX0MgFh0FeP5P6gN9lVdGEhJUKhevrRk7G42fFxz
+uU5MlsgAZ0VOm0HMCdSva5BDKx4IUXqEjcOFlBnfA8Py7IO9zv/2YlKLNpWQDnf/zIMgYdT1+buF
+Y+icvRb+kuW/esYIGw7Y3hM2BwfrWXUaROF3UWXOrhj8c5Rs79yBq4tJjmOPG1yejwo0x1Pm10OK
+phAL3VrVjXELUW9m6nR1OTb6vmhkKvTEQMrtsA==</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNVBAYTAlVTMRUw
 EwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9uIEZlZGVyYXRpb24gTWV0YWRh
 dGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQG
 EwJVUzEVMBMGA1UECgwMSW5Db21tb24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9u
@@ -19,7 +19,7 @@ 
qEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBclAGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQ
 xOr37hEpqz+WN/x3qM2qyBLECQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH
 
6Nq+NfP+ZQ8CGzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==</X509Certificate></X509Data></KeyInfo></Signature>
 <Extensions>
-  <mdrpi:PublicationInfo creationInstant="2020-06-18T18:51:31Z" 
publisher="https://incommon.org"/>
+  <mdrpi:PublicationInfo creationInstant="2020-06-19T14:58:07Z" 
publisher="https://incommon.org"/>
 </Extensions>
 <EntityDescriptor entityID="https://issues.shibboleth.net/shibboleth";>
   <Extensions>
@@ -185209,6 +185209,7 @@ jhao0WXgTHHQUUpEzZXrh/Bzyw==
     <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://granite-curr.courseleaf.com/Shibboleth.sso/SAML2/POST"; 
index="265"/>
     <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://nextcatalog.registrar.uiowa.edu/Shibboleth.sso/SAML2/POST"; 
index="266"/>
     <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://currentcatalog.registrar.uiowa.edu/Shibboleth.sso/SAML2/POST";
 index="267"/>
+    <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://uiowa-test.courseleaf.com/Shibboleth.sso/SAML2/POST"; 
index="268"/>
     <AttributeConsumingService index="1">
       <ServiceName xml:lang="en">CourseLeaf</ServiceName>
       <ServiceDescription xml:lang="en">Leepfrog Technologies 
CourseLeaf</ServiceDescription>
@@ -378884,7 +378885,8 @@ PewgKNx+cRI=
     <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" 
Location="https://uvacreate.virginia.edu/Shibboleth.sso/SAML2/ECP"; index="4"/>
     <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" 
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/POST"; 
index="5"/>
     <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" 
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/POST-SimpleSign";
 index="6"/>
-    <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" 
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/ECP"; 
index="7"/>
+    <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" 
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/Artifact"; 
index="7"/>
+    <AssertionConsumerService 
Binding="urn:oasis:names:tc:SAML:2.0:bindings:PAOS" 
Location="https://engr.uvacreate.virginia.edu/Shibboleth.sso/SAML2/ECP"; 
index="8"/>
     <AttributeConsumingService index="1">
       <ServiceName xml:lang="en">UVA Create Web Hosting Service</ServiceName>
       <ServiceDescription xml:lang="en">Master the tools and technology that 
make up the web to build your own space online.</ServiceDescription>
@@ -446803,39 +446805,68 @@ RJdy6XKOaUwmEHbmZ/lYby/qc0YqZTZyvWdGNBW7+cU=
       <idpdisc:DiscoveryResponse 
Binding="urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol" 
Location="https://tk20.ehe.osu.edu/Shibboleth.sso/Login"; index="2"/>
       <mdui:UIInfo>
         <mdui:DisplayName xml:lang="en">TK20 SSO</mdui:DisplayName>
-        <mdui:Description xml:lang="en">Single Sign-On provides users with 
access to multiple environments with a single, secure password. Most 
universities maintain their web portals; on-campus users would use single 
authentication information to log in. Once logged in, they can access various 
websites or services, such as Tk20. Typically, in this scenario, once the 
user is authenticated via the portal, a request forwards to Tk20. When the 
software receives the request, a secure handshake with the web portal ensures 
the request is legitimate. After the request is validated, information 
pertaining to the user attempting access to Tk20 is exchanged. The software 
ensures that the user trying to access Tk20 is a valid Tk20 user. After 
passing the checks, the user is immediately directed to the Tk20 account home 
page in the application. In this case, the user does not see the Tk20 login 
page because the authentication only happens once when the user logs in to 
the web portal on campus. 
 Tk20 merely integrates with the web portal, ensures the proper authorization 
and allows the user into the Tk20 system. The Tk20 system is designed to 
allow access to users who do not have access to the campus portal, but do 
need access to Tk20. In such cases, the authentication information of such 
users is maintained locally in the Tk20 database
-</mdui:Description>
+        <mdui:Description xml:lang="en">Single Sign-On provides users with 
access to multiple environments with a single, secure password. Most 
universities maintain their web portals; on-campus users would use single 
authentication information to log in. Once logged in, they can access various 
websites or services, such as Tk20. Typically, in this scenario, once the 
user is authenticated via the portal, a request forwards to Tk20. When the 
software receives the request, a secure handshake with the web portal ensures 
the request is legitimate. After the request is validated, information 
pertaining to the user attempting access to Tk20 is exchanged. The software 
ensures that the user trying to access Tk20 is a valid Tk20 user. After 
passing the checks, the user is immediately directed to the Tk20 account home 
page in the application. In this case, the user does not see the Tk20 login 
page because the authentication only happens once when the user logs in to 
the web portal on campus. 
 Tk20 merely integrates with the web portal, ensures the proper authorization 
and allows the user into the Tk20 system. The Tk20 system is designed to 
allow access to users who do not have access to the campus portal, but do 
need access to Tk20. In such cases, the authentication information of such 
users is maintained locally in the Tk20 database</mdui:Description>
         <mdui:InformationURL 
xml:lang="en">https://www1.taskstream.com/</mdui:InformationURL>
         <mdui:PrivacyStatementURL 
xml:lang="en">https://www.watermarkinsights.com/privacy-policy/</mdui:PrivacyStatementURL>
         <mdui:Logo height="1000" width="2000" 
xml:lang="en">https://www.watermarkinsights.com/wp-content/themes/taskstream/parts/svgs/watermark.php</mdui:Logo>
       </mdui:UIInfo>
     </Extensions>
-    <KeyDescriptor>
+    <KeyDescriptor use="signing">
+      <ds:KeyInfo>
+        <ds:X509Data>
+          <!-- Serial No. 10585185416662980058, expires on Mon Jun 17 
13:47:44 2030 GMT -->
+          <ds:X509Certificate>
+MIID0DCCAjigAwIBAgIJAJLmIg3B15XaMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNV
+BAMTA29zdTAeFw0yMDA2MTkxMzQ3NDRaFw0zMDA2MTcxMzQ3NDRaMA4xDDAKBgNV
+BAMTA29zdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAM3cdIQwxbDe
+Du1RPr6Vd42gLunKJHnPImtI4XIOBieqWDRimM04K9wB/qfq57bpVc2BCS1s+YA8
+uNSD5+FBVQe/7RypfHYN20hRCZAPRFLffX0W0y28rkhp4yDZjxVq1gwWIHdbtWyh
+wqbyKSpv48w6LpXVyBFmtH+SqlwB5QgQgwyXFLeb9OHW0nwm23scl0okspvgQ42+
+wGWsbIdZUAe3PpxIQnyfQi9yOmmEI9oefcMTvdOXbQgqb1lSug/hdVzQ4KxvBr+5
+9OUesl+FHlEXj0JwFsVyvyCKLf6NGHq/Nw/O+J/7omapKGM9lnxAZGQoI/zMGUn1
+fA2hvBsuulip+V1fljl9sUu+j0yWAROSt2O6uviRjev3FmtZ8P1NzCjbhdfZibhG
+MCxrN0TcCFogVQzhUQcWnYx3hjh0qTYbzJq/e18erjSSp2Lu6fHJ9oXKajqkEsdc
+dquiO1nzd6dCD3xmfL42OOvLAppR1r60z3dhJKK57edOwP4wHM1TIQIDAQABozEw
+LzAOBgNVHREEBzAFggNvc3UwHQYDVR0OBBYEFLXvCVNX4QNstNgpOlDdniQeLgZT
+MA0GCSqGSIb3DQEBCwUAA4IBgQBs7oyPSI0sQGzDnWzhKz7D0NPqApbrDrFMxd4U
+bO2tf++9AYveOf1HDUCUd9JwPSO0IznbKeCqyJ2AIAR2/xmVvV5f/MzsDjJGITOV
+3ym7QwpE4V9wIW7WHtvtxvYO8LqXO/sO4Is4ILuIgXKlFuDpdt4/4CkHKlLJdgm1
+eyIloIsw1N7edjwhBJ3CdNEl2Ug9iGBIUKj94ZXFKpGJpHYMynlHY7XYqfBQ/GPj
+Zfs8R9+A2Ws0XsldoGxuM6biAs/Ke1PqQzmmgrQYdis1CpbSJQvb4Em8WtA0MqYS
+CYsiu5RULOeAdLIhjmL2RGqBt1SpuWa9yMWfi8oveoRR50+XvlgDnaKCn/3ik7Wc
+8u7kfE42vcR07UmkTWeGfGHObVJqOFZby3cSGrKGon/Iex/fj1SJ+IBkUnaoepc4
+rwzxuw4H0BuZh/eOtII5Dz3MiEGwikZ5y748vBrwqWAoFz7wOPBJsJAEOxS4HZtg
+qnspHcsMB6cBKkJ7jqdsp68XAvA=
+          </ds:X509Certificate>
+        </ds:X509Data>
+      </ds:KeyInfo>
+    </KeyDescriptor>
+    <KeyDescriptor use="encryption">
       <ds:KeyInfo>
         <ds:X509Data>
-          <!-- Serial No. 13055599478814939800, expires on Sun Sep  5 
11:26:37 2027 GMT -->
+          <!-- Serial No. 17804384165062258221, expires on Mon Jun 17 
13:47:46 2030 GMT -->
           <ds:X509Certificate>
-MIID0DCCAjigAwIBAgIJALUuzo3wihqYMA0GCSqGSIb3DQEBCwUAMA4xDDAKBgNV
-BAMTA29zdTAeFw0xNzA5MDcxMTI2MzdaFw0yNzA5MDUxMTI2MzdaMA4xDDAKBgNV
-BAMTA29zdTCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBANVpqu8A+Ipd
-ESHxIz7nQthxZP5qOW1H/dMOx6Mq2Mh/ybW867MRnZl6FSqHvMDsGaVJ7AEa9UeN
-Ml06iGlVHjPRNgkAK0OfPU3QMdI5J8ZDcGqAWewsDcDApsCE0CAPiZjYyrINdxCy
-sChNtlU61EAKSUGi6xCZABHRxKbOfsMNhrbshHkK4p8v1nZASp/hKLE5NYLnjiMO
.
.
.
The complete diff is available here:
https://wayf.incommonfederation.org/metadata-diff/prod-prod/prod-prod-1592579458-validUntil.2020-07-03T14.58.07Z.diff

An archive of this and past prod-prod diffs is available here:
https://wayf.incommonfederation.org/metadata-diff/prod-prod/?C=M;O=D

This is a one-way, notification only email list. If you have questions,
please email . You can also discuss related issues
with the community on .

- InCommon Federation Operations