Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] Re: MDQ status?

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] Re: MDQ status?


Chronological Thread 
  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: Re: [Metadata-Support] Re: MDQ status?
  • Date: Fri, 20 Jul 2018 20:20:39 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is 128.146.163.16) smtp.mailfrom=osu.edu; incommon.org; dkim=pass (signature was verified) header.d=osu.edu;incommon.org; dmarc=pass action=none header.from=osu.edu;
  • Authentication-results-original: spf=none (sender IP is ) ;
  • Ironport-phdr: 9a23:RzZjMRclJ3wJlB3c0nYTiwOylGMj4u6mDksu8pMizoh2WeGdxcW4Yh7h7PlgxGXEQZ/co6odzbaO7ea4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahYL5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v6bpgRh31hycdLzM38H/ZhNFsjKxVoxyhqR5ww4/Ib4+aO/VzZb/dcsgfRWZdQspdSy5MD4WhZIUPFeoBOuNYopHzq1YQtxS+AxWsBOT1yjNQm3T4wLE10+M9EQHa0gArAtUDv2jOo9XzKKcSVvq1wLPWwTjYaPNWwir95JLWfR88vPGBRLR9etfSx0k3Dw7IgUmcpZb4Mz+J1OkBqWqW4uR6We6ylmIqqhl9riauy8syloXEg54Zx1XZ+Spj3Yo5Odi1RUFnbdOgDJRdsiSXOo9qTs86TWFnpiU3xqEDtJO+ciUG1YgrxxDaZvOdaYeH+B3uWeOLLjtlin9pZLeyihe88US91OLxUNS/3kxQoSpfiNbMs2gA1xzN5ciDTftw5l+v1CqI2QzP6uxIOE46m63VJpI4xb4/jYQcvV7EHi/rhEX5l6iWdlgi+ue18ejneq/mppiAN4Bqlg7+LqUumsu5AegiNQgOQnSb+eC71L3k/k31WqlFjvozkqXBsZDaI9oUprKhDgJazoov8QuzAyuk3dgCn3QKIkhJdA+ag4XoI13OJer3Dfa7g1SiijdrwPXGM6X9DZrXKHjDjLDhfaxn50JC0wczystf549OBr4fPf3zR1f9tMbEAR8hLwy03+HnBc181oMYRW2PBaqZMKbVsV+O/O4vJPOMZIAMtDb4Nfcl++ThgmIjll8BZ6alxIAXaG2gHvR+JEWZe2bsj8wFEWcLpQo+UPfqhEOYXT5SYXayQ7wz5is9CI24EYfPWJqhj6Kc0yemTdVqYTUMD12QGHvha4zBQOoUcCWIPudglDcDUL2mTckmzx7k/Fv/xqZuIuPI82gDqIr708Jpz+zVnhY38DtyScOH3DfeYXtzmzZCbDYwwKdl5QRGwVCfzeIw1/dRE8BU/bUTegAhKNjRw/EsWIO6YR7IYtrcEAXued6hGzxkFohrkdYTf0ZwHcmjhRnf3i2sRqUYjKGPGIdtovOOxGD/ct500G2OlLIsiVUrWINuDSWnneYmrViVXtKX1RzHzODzK+V5vmbW8Xubi2+HvUVWSgl1BKLeQDYSalaF5dX/7UTHSrioT7M9PVgJxc2DL/5SY8byxRVdRfjlMcjDeW/5hG6rTQiF3LKCbYfmOgB/lCXQAUQJiUYfqHGdKE4zCjryomTVCzlrElSpZFnjoqFyrXqhRRosxhqRJ0Rqy7uy/EsTgvqRA/Me174JomEvsTJxSVGmwpTbB8fTqg==
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99

I wonder if there's some creative trick one could use whereby periodically a
test would be run that served up an invalid signed metadata instance
containing something that would be externally noticeable as having been
accepted.

Nasty trick, and hard to do with a production system since anything
externally observable would likely break actual use, but it's an interesting
idea. Certainly it's possible if you consider a federated app, where the
"broken" IdP case wouldn't be a real IdP, but for siloed apps, it's much
harder.

But given that almost no siloed app does verify a signature, and likely they
never will, maybe that's an interesting requirement to add to a future R&S
spec and focus on those cases.

Of course, IdPs would also be subject to this.

-- Scott





Archive powered by MHonArc 2.6.19.

Top of Page