
metadata-support - Re: [Metadata-Support] Re: MDQ status?

Subject: InCommon metadata support


Re: [Metadata-Support] Re: MDQ status?

  • From: Nick Roy <>
  • Subject: Re: [Metadata-Support] Re: MDQ status?
  • Date: Fri, 20 Jul 2018 21:50:41 +0000

On 7/20/18 2:20 PM, Cantor, Scott wrote:
> I wonder if there's some creative trick one could use whereby periodically
> a test would be run that served up an invalid signed metadata instance
> containing something that would be externally noticeable as having been
> accepted.
> Nasty trick, and hard to do with a production system since anything
> externally observable would likely break actual use, but it's an
> interesting idea. Certainly it's possible if you consider a federated app,
> where the "broken" IdP case wouldn't be a real IdP, but for siloed apps,
> it's much harder.

Interesting idea, but unfortunately it would break the systems that are
doing the right thing, rather than breaking those that aren't, and might
be an incentive for people not to verify the signature. Like you said, it
would have to be non-production.

I am in the early stages of scoping out a test federation, and we plan
to do stuff like rotate keys on the metadata and in the test fixture
SAML deployments to try to make sure people are checking the signature
and also handling IdP/SP key rollover scenarios there.

> But given that almost no siloed app does verify a signature, and likely
> they never will, maybe that's an interesting requirement to add to a future
> R&S spec and focus on those cases.
> Of course, IdPs would also be subject to this.
> -- Scott
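As an added example (not code from the thread or from InCommon), the check the discussion turns on, in the form a test federation could exercise: a metadata consumer that accepts a signed aggregate only when the signature verifies under a key in its own trust store, next to a consumer that verifies against whatever key the document carries, run over the scenarios mentioned above (validly signed, signed by an untrusted key, tampered after signing, and the new-key/old-key stages of a signing-key rollover). Assumptions: the `cryptography` package is installed, and RSA-PSS over the raw metadata bytes stands in for the enveloped XML Signature used on real SAML metadata, so no XML canonicalisation is modelled. The key ids, entity ids and metadata body are constructed.

```python
"""Added example: federation-metadata signature checking and key rollover.
Assumes the `cryptography` package; RSA-PSS over raw bytes stands in for
XML DSig. Key ids, entity ids and the metadata body are constructed."""
from dataclasses import dataclass

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa

# Constructed sample aggregate; real federation metadata is far larger.
SAMPLE_METADATA = (
    b'<EntitiesDescriptor Name="urn:example:testfed">'
    b'<EntityDescriptor entityID="https://idp.example.org/idp"/>'
    b"</EntitiesDescriptor>"
)

_PSS = padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH)


@dataclass
class SignedMetadata:
    body: bytes
    signature: bytes
    key_id: str                      # signer's claim of which key was used (untrusted)
    embedded_key: rsa.RSAPublicKey   # stand-in for the cert in <ds:KeyInfo> (untrusted)


def sign_metadata(body: bytes, private_key: rsa.RSAPrivateKey, key_id: str) -> SignedMetadata:
    sig = private_key.sign(body, _PSS, hashes.SHA256())
    return SignedMetadata(body, sig, key_id, private_key.public_key())


def _verifies(public_key: rsa.RSAPublicKey, md: SignedMetadata) -> bool:
    try:
        public_key.verify(md.signature, md.body, _PSS, hashes.SHA256())
        return True
    except InvalidSignature:
        return False


class StrictConsumer:
    """Verifies only against keys in its own trust store. During a rollover the
    store holds both the outgoing and incoming key; afterwards the old one is retired."""

    def __init__(self, trusted: dict):
        self.trusted = dict(trusted)

    def rotate_in(self, key_id: str, public_key: rsa.RSAPublicKey) -> None:
        self.trusted[key_id] = public_key

    def retire(self, key_id: str) -> None:
        self.trusted.pop(key_id, None)

    def accepts(self, md: SignedMetadata) -> bool:
        # key_id only selects among locally trusted keys; it never supplies one.
        public_key = self.trusted.get(md.key_id)
        return public_key is not None and _verifies(public_key, md)


class KeyInfoConsumer:
    """The failure mode the thread worries about: verifying with whatever key
    the document ships, which any signer can satisfy."""

    def accepts(self, md: SignedMetadata) -> bool:
        return _verifies(md.embedded_key, md)


def run_fixture() -> dict:
    """Serve each test scenario to both consumers.
    Returns {scenario: (strict_accepts, keyinfo_accepts)}."""
    fed_old = rsa.generate_private_key(65537, 2048)
    fed_new = rsa.generate_private_key(65537, 2048)
    attacker = rsa.generate_private_key(65537, 2048)

    strict = StrictConsumer({"fed-2018": fed_old.public_key()})
    naive = KeyInfoConsumer()
    results = {}

    def record(name: str, md: SignedMetadata) -> None:
        results[name] = (strict.accepts(md), naive.accepts(md))

    record("signed_by_current_key", sign_metadata(SAMPLE_METADATA, fed_old, "fed-2018"))

    # Attacker signs its own aggregate and even claims the federation's key id.
    rogue = SAMPLE_METADATA.replace(b"idp.example.org", b"idp.attacker.example")
    record("signed_by_untrusted_key", sign_metadata(rogue, attacker, "fed-2018"))

    # Valid signature, but the body was changed after signing.
    good = sign_metadata(SAMPLE_METADATA, fed_old, "fed-2018")
    record("tampered_after_signing", SignedMetadata(rogue, good.signature, good.key_id, good.embedded_key))

    # Rollover: new key used before consumers trust it, during overlap, then old key retired.
    record("new_key_before_rollover", sign_metadata(SAMPLE_METADATA, fed_new, "fed-2019"))
    strict.rotate_in("fed-2019", fed_new.public_key())
    record("new_key_during_rollover", sign_metadata(SAMPLE_METADATA, fed_new, "fed-2019"))
    strict.retire("fed-2018")
    record("old_key_after_retirement", sign_metadata(SAMPLE_METADATA, fed_old, "fed-2018"))
    return results


if __name__ == "__main__":
    for scenario, (strict_ok, naive_ok) in run_fixture().items():
        print(f"{scenario:26} strict={strict_ok!s:5} keyinfo={naive_ok}")
```

The KeyInfo-trusting consumer accepts every cryptographically consistent document, including the attacker's, which is exactly the externally observable "acceptance" a fixture like the one described would look for; the strict consumer's results also show why a rollover has to publish the new key to consumers before signing with it.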
