Streamlining SP Onboarding WG

[Nick Roy <>]

I should note that sites that refresh metadata but do not verify the
signature are putting themselves and all of their federation partners at
great risk.  This is fundamental to our security model.  Please let me
know if you have any questions or would like me to elaborate.

Best,

Nick

On 1/17/18 2:57 PM, Nick Roy wrote:
> Hi all,
> 
> I have one piece of feedback on the questionnaire: could you please
> include a question about metadata signature verification in the "Trust"
> section?
> 
> Something along the lines of:
> 
> "Does your site verify the XML digital signature on the root element of
> the downloaded InCommon metadata each time you refresh metadata, to
> ensure that the signature is valid, and was signed by the private key
> that corresponds to the public key published by InCommon operations, and
> reject any metadata found to not be validly signed?"
> 
> Thank you,
> 
> Nick Roy on behalf of InCommon Operations
> 
> 
> On 1/17/18 2:39 PM, Garrett King wrote:
>> Thanks Alan, and agreed with your comments.  I’ll get some of this
>> feedback incorporated between this week and the next WG meeting.
>>
>> Garrett
>>
>> On Jan 17, 2018, 5:16 AM -0500, Alan Buxey 
>> <>,
>> wrote:
>>> hi, apologies in advance, I won't be able to make todays meeting -
>>> kids things to deal with (nothing serious/worrying etc - just mundane
>>> things)
>>>
>>> however, to further the questionnaire discussion and provide feedback
>>> - having gone through the form a couple of times, I would say that
>>> some of the stuff that appears on the no/don't know page should be
>>> moved to the previous page - so that there's some info or 'more info'
>>> link
>>> on the actual question page - allowing the user to understand or check
>>> before they choose an option. eg link to InCommon certificate
>>> requirements
>>>
>>> alan
>