Streamlining SP Onboarding WG

[Garrett King <>]

Hi Nick,

I agree.  I’ll add this to the next WG agenda to make sure we’re accounting for this in the criteria document and calling it appropriately (per your example) in the questionnaire.

Thanks for the feedback,

Garrett

On Jan 18, 2018, 1:23 PM -0500, Nick Roy <>, wrote:

I should note that sites that refresh metadata but do not verify the
signature are putting themselves and all of their federation partners at
great risk. This is fundamental to our security model. Please let me
know if you have any questions or would like me to elaborate.

Best,

Nick

On 1/17/18 2:57 PM, Nick Roy wrote:

Hi all,

I have one piece of feedback on the questionnaire: could you please
include a question about metadata signature verification in the "Trust"
section?

Something along the lines of:

"Does your site verify the XML digital signature on the root element of
the downloaded InCommon metadata each time you refresh metadata, to
ensure that the signature is valid, and was signed by the private key
that corresponds to the public key published by InCommon operations, and
reject any metadata found to not be validly signed?"

Thank you,

Nick Roy on behalf of InCommon Operations


On 1/17/18 2:39 PM, Garrett King wrote:

Thanks Alan, and agreed with your comments.  I’ll get some of this
feedback incorporated between this week and the next WG meeting.

Garrett

On Jan 17, 2018, 5:16 AM -0500, Alan Buxey <>,
wrote:

hi, apologies in advance, I won't be able to make todays meeting -
kids things to deal with (nothing serious/worrying etc - just mundane
things)

however, to further the questionnaire discussion and provide feedback
- having gone through the form a couple of times, I would say that
some of the stuff that appears on the no/don't know page should be
moved to the previous page - so that there's some info or 'more info'
link
on the actual question page - allowing the user to understand or check
before they choose an option. eg link to InCommon certificate
requirements

alan