Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters


Chronological Thread 
  • From: Nick Roy <>
  • To: Albert Wu <>
  • Cc: Scott Koranda <>, Stijn De Weirdt <>, "" <>, "Fleury, Terry" <>, "" <>, "" <>, David Shafer <>
  • Subject: Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
  • Date: Mon, 25 Feb 2019 16:05:32 +0000

After a brief discussion with Ian, we believe it is safe to allow mixed-case scopes, so we will work to get this updated. I will ping Ian on the status of the fix after Global Summit (week of March 11).

Best,

Nick

On 19 Feb 2019, at 11:10, Albert Wu wrote:

Hi Scott and Stijin,

 

I just briefed Nick Roy regarding this case. He is taking this to the Ops Advisory Group to determine a course of action.

 

To the best of my understanding, InCommon filters upper case lettering in the scope to guard against potential identity mismatch in SP’s due to inconsistent handling of case sensitivities in identifiers.

 

Thank you for your patience. I will follow up as soon as the Ops Advisory Group produces a recommendation.

 

albert

 

From: Scott Koranda <>
Date: Tuesday, February 19, 2019 at 5:15 AM
To: David Shafer <>, Albert Wu <>
Cc: "" <>, "Fleury, Terry" <>, "" <>, "" <>, Stijn De Weirdt <>, Scott Koranda <>
Subject: Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

 

Hi Dave and Albert,

 

Can you provide an update on this issue?

 

Thanks,

 

Scott K

 

On Wed, Feb 13, 2019 at 8:55 AM David Shafer <> wrote:

Jim, just letting you know that I received this message from Feb. 13, but not the earlier messages from Feb. 12 or Feb. 8. Checking the list archives at https://lists.incommon.org/sympa/arc/metadata-support/2019-02/ confirms the earlier messages didn't get through (but they might be waiting in an approval queue?).

We'll investigate the original metadata issue-- and the apparent email list issue-- and get back to everyone.

Thanks,

Dave

-----Original Message-----
From: <> on behalf of "Basney, Jim" <>
Reply-To: "" <>
Date: Wednesday, February 13, 2019 at 3:46 AM
To: Stijn De Weirdt <>, Scott Koranda <>, "" <>
Cc: "Fleury, Terry" <>, "" <>, "" <>
Subject: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

    Hi,

    I think our messages aren't getting through to . I'm trying again to see if we can get assistance with this InCommon eduGAIN metadata import problem.

    -Jim
    ________________________________________
    From: Stijn De Weirdt <>
    Sent: Tuesday, February 12, 2019 12:30 PM
    To: Scott Koranda;
    Cc: Fleury, Terry; ;
    Subject: Re: testidp with qa idp

    hello all,

    can we help with some more info or something else to get some progress
    on this?

    many thanks,

    stijn

    On 2/8/19 12:26 PM, Scott Koranda wrote:
    >
    > This time including ...
    >
    >> Hi Stijn,
    >>
    >> I am forwarding your note to . They will be
    >> able to explain in detail why the metadata for your IdP has been
    >> excluded from the InCommon metadata feed that CILogon uses. They will
    >> also be able if necessary to consult with eduGAIN and the Belnet
    >> Federation operators.
    >>
    >> Thanks,
    >>
    >> Scott K for CILogon
    >>
    >>> hi terry,
    >>>
    >>>> [java] ERROR - Item https://identity.ugent.be/simplesaml/saml2/idp/metadata.php (BE) was marked with the following Error status messages
    >>>> [java] ERROR -     checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
    >>> oh boy...
    >>>
    >>>>
    >>>>
    >>>> The rules for eduGAIN metadata import can be found at
    >>>> https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy
    >>> the rules do not mention anything about not allowing uppercase letters
    >>> (not that we checked upfront years ago, but still).
    >>>
    >>>> .
    >>>>
    >>>> After you fix this issue in your local federation metadata,
    >>> unfortunately, that will not happen that easily. we would need to change
    >>> our scope, and who knows what the fallout will be.
    >>>
    >>> we would also need some very good argument why this is needed (aside
    >>> from the fatc that we need the CILogon service ;)
    >>> ideally there is some document stating that uppercase is not allowed;
    >>> but edugain doesn't seem to mind.
    >>> eg if
    >>> https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml
    >>> is an actual edugain policy, we are clearly not compliant with edugain
    >>> (and that is (or might be) a valid reason to fix it, even with large
    >>> fallout)
    >>>
    >>> however, if it is not, then we have a serious problem.
    >>>
    >>> it is also annoying that even for regexps, uppercase is not allowed.
    >>> and to make it worse in our case, even with uppercase regex allowed, the
    >>> regex literal tail is a valid existing domainname;
    >>> on the other hand if the uppercase regex would constitute a valid
    >>> domain, then we should be able to use it as valid scope.
    >>>
    >>> do you have any contact info for the people who are familiar with this
    >>> policy?
    >>>
    >>> many thanks,
    >>>
    >>>
    >>> stijn

    --
    You received this message because you are subscribed to the Google Groups "help" group.
    To unsubscribe from this group and stop receiving emails from it, send an email to .


Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page