InCommon metadata support

[Nick Roy <>]

Excellent! Thank you for confirming and for your patience.

Best,

Nick

On 22 Mar 2019, at 2:02, Stijn De Weirdt wrote:

> hi all,
>
> i can now login on cilogon.
>
> a big thanks to all involved for fixing this!
>
>
> stijn
>
>
> On 3/20/19 8:59 PM, James Babb wrote:
>> Stijn and all--
>>
>> The new MDA is deployed as of this afternoon. After tomorrow's metadata 
>> signing and publication (3PM-ish US Eastern Daylight Time), 
>> https://identity.ugent.be/simplesaml/saml2/idp/metadata.php will be in the 
>> published metadata available to CILogon.
>>
>>
>> On 3/19/19, 11:12 AM, "Stijn De Weirdt" <> wrote:
>>
>>     hi nick,
>>
>>     thanks for the update. clearly i was just a bit too impatient ;)
>>
>>     stijn
>>
>>     On 3/19/19 5:08 PM, Nick Roy wrote:
>>     > Hi Stijn,
>>     >
>>     > We plan to release the MDA upgrade tomorrow, after we sign metadata, 
>> about 3-4 p.m. US Eastern Time. If for some reason we aren't able to do it 
>> then, we will plan for Monday, March 25th.
>>     >
>>     > Best,
>>     >
>>     > Nick
>>     >
>>     > On 18 Mar 2019, at 10:46, Stijn De Weirdt wrote:
>>     >
>>     >> hi all,
>>     >>
>>     >> is there any news (or an ETA) on resolving this issue?
>>     >>
>>     >> many thanks,
>>     >>
>>     >> stijn
>>     >>
>>     >> On 2/25/19 5:26 PM, Nick Roy wrote:
>>     >>> Thanks - I have James Babb, InCommon support engineer, assigned to 
>> follow this with Ian and get it released. Cheers!
>>     >>>
>>     >>> Nick
>>     >>>
>>     >>> On 25 Feb 2019, at 9:07, Stijn De Weirdt wrote:
>>     >>>
>>     >>>> hi nick,
>>     >>>>
>>     >>>> that is great news. looking forward to the fix and thanks again. 
>> i owe
>>     >>>> you a few beers ;)
>>     >>>>
>>     >>>> stijn
>>     >>>>
>>     >>>> On 2/25/19 5:05 PM, Nick Roy wrote:
>>     >>>>> After a brief discussion with Ian, we believe it is safe to 
>> allow mixed-case scopes, so we will work to get this updated. I will ping 
>> Ian on the status of the fix after Global Summit (week of March 11).
>>     >>>>>
>>     >>>>> Best,
>>     >>>>>
>>     >>>>> Nick
>>     >>>>>
>>     >>>>> On 19 Feb 2019, at 11:10, Albert Wu wrote:
>>     >>>>>
>>     >>>>>> Hi Scott and Stijin,
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> I just briefed Nick Roy regarding this case. He is taking this 
>> to the Ops Advisory Group to determine a course of action.
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> To the best of my understanding, InCommon filters upper case 
>> lettering in the scope to guard against potential identity mismatch in 
>> SP’s due to inconsistent handling of case sensitivities in identifiers.
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> Thank you for your patience. I will follow up as soon as the 
>> Ops Advisory Group produces a recommendation.
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> albert
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> **From:** Scott Koranda <>
>>     >>>>>> **Date:** Tuesday, February 19, 2019 at 5:15 AM
>>     >>>>>> **To:** David Shafer  <>, Albert Wu 
>> <>
>>     >>>>>> **Cc:** ""  
>> <>, "Fleury, Terry" <>, 
>> "" <>, "" 
>> <>, Stijn De Weirdt <>, 
>> Scott Koranda <>
>>     >>>>>> **Subject:** Re: [Metadata-Support] ERROR - 
>> checkScopes/upperCase: scope 'UGent.be' includes upper-case characters
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> Hi Dave and Albert,
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> Can you provide an update on this issue?
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> Thanks,
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> Scott K
>>     >>>>>>
>>     >>>>>>
>>     >>>>>>
>>     >>>>>> On Wed, Feb 13, 2019 at 8:55 AM David Shafer 
>> <[](<>)> wrote:
>>     >>>>>>
>>     >>>>>>> Jim, just letting you know that I received this message from 
>> Feb. 13, but not the earlier messages from Feb. 12 or Feb. 8. Checking the 
>> list archives at 
>> <https://lists.incommon.org/sympa/arc/metadata-support/2019-02/> confirms 
>> the earlier messages didn't get through (but they might be waiting in an 
>> approval queue?).
>>     >>>>>>>
>>     >>>>>>>  We'll investigate the original metadata issue-- and the 
>> apparent email list issue-- and get back to everyone.
>>     >>>>>>>
>>     >>>>>>>  Thanks,
>>     >>>>>>>
>>     >>>>>>>  Dave
>>     >>>>>>>
>>     >>>>>>>  \-----Original Message-----
>>     >>>>>>>  From: 
>> <[](<>)>
>>  on behalf of "Basney, Jim" 
>> <[](<>)>
>>     >>>>>>>  Reply-To: 
>> "[](<>)" 
>> <[](<>)>
>>     >>>>>>>  Date: Wednesday, February 13, 2019 at 3:46 AM
>>     >>>>>>>  To: Stijn De Weirdt 
>> <[](<>)>, Scott 
>> Koranda 
>> <[](<>)>,
>>  "[](<>)" 
>> <[](<>)>
>>     >>>>>>>  Cc: "Fleury, Terry" 
>> <[](<>)>, 
>> "[](<>)" 
>> <[](<>)>, "" 
>> <>
>>     >>>>>>>  Subject: [Metadata-Support] ERROR - checkScopes/upperCase: 
>> scope 'UGent.be' includes upper-case characters
>>     >>>>>>>
>>     >>>>>>>      Hi,
>>     >>>>>>>
>>     >>>>>>>      I think our messages aren't getting through to 
>> [](<>). 
>> I'm trying again to see if we can get assistance with this InCommon 
>> eduGAIN metadata import problem.
>>     >>>>>>>
>>     >>>>>>>      -Jim
>>     >>>>>>>      ________________________________________
>>     >>>>>>>      From: Stijn De Weirdt 
>> <[](<>)>
>>     >>>>>>>      Sent: Tuesday, February 12, 2019 12:30 PM
>>     >>>>>>>      To: Scott Koranda; 
>> [](<>)
>>     >>>>>>>      Cc: Fleury, Terry; 
>> [](<>); 
>>     >>>>>>>      Subject: Re: testidp with qa idp
>>     >>>>>>>
>>     >>>>>>>      hello all,
>>     >>>>>>>
>>     >>>>>>>      can we help with some more info or something else to get 
>> some progress
>>     >>>>>>>      on this?
>>     >>>>>>>
>>     >>>>>>>      many thanks,
>>     >>>>>>>
>>     >>>>>>>      stijn
>>     >>>>>>>
>>     >>>>>>>      On 2/8/19 12:26 PM, Scott Koranda wrote:
>>     >>>>>>>      >
>>     >>>>>>>      > This time including ...
>>     >>>>>>>      >
>>     >>>>>>>      >> Hi Stijn,
>>     >>>>>>>      >>
>>     >>>>>>>      >> I am forwarding your note to 
>> [](<>). 
>> They will be
>>     >>>>>>>      >> able to explain in detail why the metadata for your 
>> IdP has been
>>     >>>>>>>      >> excluded from the InCommon metadata feed that CILogon 
>> uses. They will
>>     >>>>>>>      >> also be able if necessary to consult with eduGAIN and 
>> the Belnet
>>     >>>>>>>      >> Federation operators.
>>     >>>>>>>      >>
>>     >>>>>>>      >> Thanks,
>>     >>>>>>>      >>
>>     >>>>>>>      >> Scott K for CILogon
>>     >>>>>>>      >>
>>     >>>>>>>      >>> hi terry,
>>     >>>>>>>      >>>
>>     >>>>>>>      >>>> [java] ERROR - Item 
>> <https://identity.ugent.be/simplesaml/saml2/idp/metadata.php> (BE) was 
>> marked with the following Error status messages
>>     >>>>>>>      >>>> [java] ERROR -     checkScopes/upperCase: scope 
>> 'UGent.be' includes upper-case characters
>>     >>>>>>>      >>> oh boy...
>>     >>>>>>>      >>>
>>     >>>>>>>      >>>>
>>     >>>>>>>      >>>>
>>     >>>>>>>      >>>> The rules for eduGAIN metadata import can be found at
>>     >>>>>>>      >>>> 
>> <https://spaces.at.internet2.edu/display/InCFederation/Interfederation+Technical+Policy>
>>     >>>>>>>      >>> the rules do not mention anything about not allowing 
>> uppercase letters
>>     >>>>>>>      >>> (not that we checked upfront years ago, but still).
>>     >>>>>>>      >>>
>>     >>>>>>>      >>>> .
>>     >>>>>>>      >>>>
>>     >>>>>>>      >>>> After you fix this issue in your local federation 
>> metadata,
>>     >>>>>>>      >>> unfortunately, that will not happen that easily. we 
>> would need to change
>>     >>>>>>>      >>> our scope, and who knows what the fallout will be.
>>     >>>>>>>      >>>
>>     >>>>>>>      >>> we would also need some very good argument why this 
>> is needed (aside
>>     >>>>>>>      >>> from the fatc that we need the CILogon service ;)
>>     >>>>>>>      >>> ideally there is some document stating that uppercase 
>> is not allowed;
>>     >>>>>>>      >>> but edugain doesn't seem to mind.
>>     >>>>>>>      >>> eg if
>>     >>>>>>>      >>> 
>> <https://github.internet2.edu/InCommon/inc-meta/blob/master/mdx/incommon/edugain-policy.xml>
>>     >>>>>>>      >>> is an actual edugain policy, we are clearly not 
>> compliant with edugain
>>     >>>>>>>      >>> (and that is (or might be) a valid reason to fix it, 
>> even with large
>>     >>>>>>>      >>> fallout)
>>     >>>>>>>      >>>
>>     >>>>>>>      >>> however, if it is not, then we have a serious problem.
>>     >>>>>>>      >>>
>>     >>>>>>>      >>> it is also annoying that even for regexps, uppercase 
>> is not allowed.
>>     >>>>>>>      >>> and to make it worse in our case, even with uppercase 
>> regex allowed, the
>>     >>>>>>>      >>> regex literal tail is a valid existing domainname;
>>     >>>>>>>      >>> on the other hand if the uppercase regex would 
>> constitute a valid
>>     >>>>>>>      >>> domain, then we should be able to use it as valid 
>> scope.
>>     >>>>>>>      >>>
>>     >>>>>>>      >>> do you have any contact info for the people who are 
>> familiar with this
>>     >>>>>>>      >>> policy?
>>     >>>>>>>      >>>
>>     >>>>>>>      >>> many thanks,
>>     >>>>>>>      >>>
>>     >>>>>>>      >>>
>>     >>>>>>>      >>> stijn
>>     >>>>>>>
>>     >>>>>>>      \--
>>     >>>>>>>      You received this message because you are subscribed to 
>> the Google Groups "help" group.
>>     >>>>>>>      To unsubscribe from this group and stop receiving emails 
>> from it, send an email to 
>> [](<>).
>>     >>>>>>>
>>     >>>>>>>
>>     >>>>>>>
>>     >>>>>
>>     >>>>>
>>     >>>>>
>>
>>

Attachment: signature.asc
Description: OpenPGP digital signature