Streamlining SP Onboarding WG

[Nick Roy <>]

Thank you Garrett, much appreciated.

Nick

On 1/19/18 9:29 AM, Garrett King wrote:
> Hi Nick,
> 
> I agree.  I’ll add this to the next WG agenda to make sure we’re
> accounting for this in the criteria document and calling it
> appropriately (per your example) in the questionnaire.
> 
> Thanks for the feedback,
> Garrett
> 
> On Jan 18, 2018, 1:23 PM -0500, Nick Roy 
> <>,
>  wrote:
>> I should note that sites that refresh metadata but do not verify the
>> signature are putting themselves and all of their federation partners at
>> great risk. This is fundamental to our security model. Please let me
>> know if you have any questions or would like me to elaborate.
>>
>> Best,
>>
>> Nick
>>
>> On 1/17/18 2:57 PM, Nick Roy wrote:
>>> Hi all,
>>>
>>> I have one piece of feedback on the questionnaire: could you please
>>> include a question about metadata signature verification in the "Trust"
>>> section?
>>>
>>> Something along the lines of:
>>>
>>> "Does your site verify the XML digital signature on the root element of
>>> the downloaded InCommon metadata each time you refresh metadata, to
>>> ensure that the signature is valid, and was signed by the private key
>>> that corresponds to the public key published by InCommon operations, and
>>> reject any metadata found to not be validly signed?"
>>>
>>> Thank you,
>>>
>>> Nick Roy on behalf of InCommon Operations
>>>
>>>
>>> On 1/17/18 2:39 PM, Garrett King wrote:
>>>> Thanks Alan, and agreed with your comments.  I’ll get some of this
>>>> feedback incorporated between this week and the next WG meeting.
>>>>
>>>> Garrett
>>>>
>>>> On Jan 17, 2018, 5:16 AM -0500, Alan Buxey 
>>>> <>,
>>>> wrote:
>>>>> hi, apologies in advance, I won't be able to make todays meeting -
>>>>> kids things to deal with (nothing serious/worrying etc - just mundane
>>>>> things)
>>>>>
>>>>> however, to further the questionnaire discussion and provide feedback
>>>>> - having gone through the form a couple of times, I would say that
>>>>> some of the stuff that appears on the no/don't know page should be
>>>>> moved to the previous page - so that there's some info or 'more info'
>>>>> link
>>>>> on the actual question page - allowing the user to understand or check
>>>>> before they choose an option. eg link to InCommon certificate
>>>>> requirements
>>>>>
>>>>> alan
>>>