Skip to Content.
Sympa Menu

metadata-support - Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters

Subject: InCommon metadata support

List archive

Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters


Chronological Thread 
  • From: Nick Roy <>
  • To: Stijn De Weirdt <>
  • Cc: Albert Wu <>, Scott Koranda <>, "" <>, "Fleury, Terry" <>, "" <>, "" <>, David Shafer <>, James Babb <>
  • Subject: Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
  • Date: Mon, 25 Feb 2019 16:26:33 +0000

Thanks - I have James Babb, InCommon support engineer, assigned to follow
this with Ian and get it released. Cheers!

Nick

On 25 Feb 2019, at 9:07, Stijn De Weirdt wrote:

> hi nick,
>
> that is great news. looking forward to the fix and thanks again. i owe
> you a few beers ;)
>
> stijn
>
> On 2/25/19 5:05 PM, Nick Roy wrote:
>> After a brief discussion with Ian, we believe it is safe to allow
>> mixed-case scopes, so we will work to get this updated. I will ping Ian on
>> the status of the fix after Global Summit (week of March 11).
>>
>> Best,
>>
>> Nick
>>
>> On 19 Feb 2019, at 11:10, Albert Wu wrote:
>>
>>> Hi Scott and Stijin,
>>>
>>>
>>>
>>> I just briefed Nick Roy regarding this case. He is taking this to the Ops
>>> Advisory Group to determine a course of action.
>>>
>>>
>>>
>>> To the best of my understanding, InCommon filters upper case lettering in
>>> the scope to guard against potential identity mismatch in SP’s due to
>>> inconsistent handling of case sensitivities in identifiers.
>>>
>>>
>>>
>>> Thank you for your patience. I will follow up as soon as the Ops Advisory
>>> Group produces a recommendation.
>>>
>>>
>>>
>>> albert
>>>
>>>
>>>
>>> **From:** Scott Koranda <>
>>> **Date:** Tuesday, February 19, 2019 at 5:15 AM
>>> **To:** David Shafer <>, Albert Wu
>>> <>
>>> **Cc:** "" <>,
>>> "Fleury, Terry" <>, ""
>>> <>, "" <>,
>>> Stijn De Weirdt <>, Scott Koranda
>>> <>
>>> **Subject:** Re: [Metadata-Support] ERROR - checkScopes/upperCase: scope
>>> 'UGent.be' includes upper-case characters
>>>
>>>
>>>
>>> Hi Dave and Albert,
>>>
>>>
>>>
>>> Can you provide an update on this issue?
>>>
>>>
>>>
>>> Thanks,
>>>
>>>
>>>
>>> Scott K
>>>
>>>
>>>
>>> On Wed, Feb 13, 2019 at 8:55 AM David Shafer
>>> <[](<>)> wrote:
>>>
>>>> Jim, just letting you know that I received this message from Feb. 13,
>>>> but not the earlier messages from Feb. 12 or Feb. 8. Checking the list
>>>> archives at
>>>> <https://lists.incommon.org/sympa/arc/metadata-support/2019-02/>
>>>> confirms the earlier messages didn't get through (but they might be
>>>> waiting in an approval queue?).
>>>>
>>>> We'll investigate the original metadata issue-- and the apparent email
>>>> list issue-- and get back to everyone.
>>>>
>>>> Thanks,
>>>>
>>>> Dave
>>>>
>>>> \-----Original Message-----
>>>> From:
>>>> <[](<>)>
>>>> on behalf of "Basney, Jim"
>>>> <[](<>)>
>>>> Reply-To:
>>>> "[](<>)"
>>>>
>>>> <[](<>)>
>>>> Date: Wednesday, February 13, 2019 at 3:46 AM
>>>> To: Stijn De Weirdt
>>>> <[](<>)>, Scott
>>>> Koranda
>>>> <[](<>)>,
>>>>
>>>> "[](<>)"
>>>>
>>>> <[](<>)>
>>>> Cc: "Fleury, Terry"
>>>> <[](<>)>,
>>>> "[](<>)"
>>>> <[](<>)>,
>>>> "" <>
>>>> Subject: [Metadata-Support] ERROR - checkScopes/upperCase: scope
>>>> 'UGent.be' includes upper-case characters
>>>>
>>>> Hi,
>>>>
>>>> I think our messages aren't getting through to
>>>> [](<>).
>>>> I'm trying again to see if we can get assistance with this InCommon
>>>> eduGAIN metadata import problem.
>>>>
>>>> -Jim
>>>> ________________________________________
>>>> From: Stijn De Weirdt
>>>> <[](<>)>
>>>> Sent: Tuesday, February 12, 2019 12:30 PM
>>>> To: Scott Koranda;
>>>> [](<>)
>>>> Cc: Fleury, Terry; [](<>);
>>>>
>>>> Subject: Re: testidp with qa idp
>>>>
>>>> hello all,
>>>>
>>>> can we help with some more info or something else to get some
>>>> progress
>>>> on this?
>>>>
>>>> many thanks,
>>>>
>>>> stijn
>>>>
>>>> On 2/8/19 12:26 PM, Scott Koranda wrote:
>>>> >
>>>> > This time including ...
>>>> >
>>>> >> Hi Stijn,
>>>> >>
>>>> >> I am forwarding your note to
>>>> [](<>).
>>>> They will be
>>>> >> able to explain in detail why the metadata for your IdP has been
>>>> >> excluded from the InCommon metadata feed that CILogon uses. They
>>>> will
>>>> >> also be able if necessary to consult with eduGAIN and the Belnet
>>>> >> Federation operators.
>>>> >>
>>>> >> Thanks,
>>>> >>
>>>> >> Scott K for CILogon
>>>> >>
>>>> >>> hi terry,
>>>> >>>
>>>> >>>> [java] ERROR - Item
>>>> <https://identity.ugent.be/simplesaml/saml2/idp/metadata.php> (BE) was
>>>> marked with the following Error status messages
>>>> >>>> [java] ERROR - checkScopes/upperCase: scope 'UGent.be'
>>>> includes upper-case characters
>>>> >>> oh boy...
>>>> >>>
>>>> >>>>
>>>> >>>>
>>>> >>>> The rules for eduGAIN metadata import can be found at
>>>> >>>>
>>>> <https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy>
>>>> >>> the rules do not mention anything about not allowing uppercase
>>>> letters
>>>> >>> (not that we checked upfront years ago, but still).
>>>> >>>
>>>> >>>> .
>>>> >>>>
>>>> >>>> After you fix this issue in your local federation metadata,
>>>> >>> unfortunately, that will not happen that easily. we would need
>>>> to change
>>>> >>> our scope, and who knows what the fallout will be.
>>>> >>>
>>>> >>> we would also need some very good argument why this is needed
>>>> (aside
>>>> >>> from the fatc that we need the CILogon service ;)
>>>> >>> ideally there is some document stating that uppercase is not
>>>> allowed;
>>>> >>> but edugain doesn't seem to mind.
>>>> >>> eg if
>>>> >>>
>>>> <https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml>
>>>> >>> is an actual edugain policy, we are clearly not compliant with
>>>> edugain
>>>> >>> (and that is (or might be) a valid reason to fix it, even with
>>>> large
>>>> >>> fallout)
>>>> >>>
>>>> >>> however, if it is not, then we have a serious problem.
>>>> >>>
>>>> >>> it is also annoying that even for regexps, uppercase is not
>>>> allowed.
>>>> >>> and to make it worse in our case, even with uppercase regex
>>>> allowed, the
>>>> >>> regex literal tail is a valid existing domainname;
>>>> >>> on the other hand if the uppercase regex would constitute a
>>>> valid
>>>> >>> domain, then we should be able to use it as valid scope.
>>>> >>>
>>>> >>> do you have any contact info for the people who are familiar
>>>> with this
>>>> >>> policy?
>>>> >>>
>>>> >>> many thanks,
>>>> >>>
>>>> >>>
>>>> >>> stijn
>>>>
>>>> \--
>>>> You received this message because you are subscribed to the Google
>>>> Groups "help" group.
>>>> To unsubscribe from this group and stop receiving emails from it,
>>>> send an email to
>>>> [](<>).
>>>>
>>>>
>>>>
>>
>>
>>

Attachment: signature.asc
Description: OpenPGP digital signature




Archive powered by MHonArc 2.6.19.

Top of Page