technical-discuss - RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
Subject: InCommon Technical Discussions
List archive
- From: "Farmer, Jacob" <>
- To: "Basney, Jim" <>, "" <>
- Subject: RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
- Date: Thu, 8 Jun 2017 13:56:56 +0000
- Accept-language: en-US
- Ironport-phdr: 9a23:Lgn/3xE3XmRxRGIb+F2TS51GYnF86YWxBRYc798ds5kLTJ7yrsmwAkXT6L1XgUPTWs2DsrQf2rWQ7furBzFIyK3CmUhKSIZLWR4BhJdetC0bK+nBN3fGKuX3ZTcxBsVIWQwt1Xi6NU9IBJS2PAWK8TW94jEIBxrwKxd+KPjrFY7OlcS30P2594HObwlSijewZbF/IA+3oAjfucUbgItvIbstxxXUpXdFZ/5Yzn5yK1KJmBb86Maw/Jp9/ClVpvks6c1OX7jkcqohVbBXAygoPG4z5M3wqBnMVhCP6WcGUmUXiRVHHQ7I5wznU5jrsyv6su192DSGPcDzULs5Vyiu47ttRRT1kyoMKSI3/3/LhcxxlKJboQyupxpjw47PfYqZMONycr7Bcd8GQGZMWNtaWS5cDYOmd4YBD/QPM/tEr4fzpFUOoxmxBQiwC+zg0TJIiWP60bEi3ug9DQ3L3gotFM8OvnTOq9X1Mb8fXe61wqbS1zXDau1Z2S3l5IPVdh4uu+2DXbVrfsbf1EIiEAHFjk2eqYP/JTOV0/oCs3KA4uphSOKjkXAopBxsojW2wMonl4fHhoUQyl/e9CV5xp44Jdy+SE5nf9GkCp1QuD+GN4doWM8tXXxnuDs8x7YbupC7ZDAHxIk5yxPbcfCKcYyF7gj+WOqLPDt1gH1odKqiixuy8EWs0O3xW8iu3FpXrCdIk8PAum4T2xDN8sSHROVy80S91TuK0g3f9P1LLl4umqfeNZIsw6M8lpQWvEnNAiP7mlj5gaqZe0o45uSl7fnsbK/8qZ+GLYB0jxnzMqQwlcy7BuQ1KggOUHKB+eSg0b3s50v5TK9Xjv03jqnZq4rWJcUdpqGkAg9ayIAj5AylAzi4zdsYgGELLFNDeB2Zk4jkI0zCLO78APulgVmhlC1ny+3cMrH8BpjAIWDPkLL7crZ8705cxhAzzdda559MCLEBOPzzVVXrtNzdEBA5KRe5w+f6CNlnyIwRRH+PDreDMKzOqV+I+v4vI+6UaY8UvjbyN/8l5/vrjX8+n18RZ66p3YEYaHyhAvRpPVmWYXrqgtcADWgFpA4+QPX3h12DSj5ce2uyX7kn5jwgDIKmDJzDRpy2gLCfxiu7H5tWZnxYBVCWF3fnaZmEV+kWZC2MP8Bhj29Mab/0AaUozhejpUuy6btiZKKA+CcRrpTuxfB04+nSkxYz7np5A9nLlynHU2x/nmUJTDYymax+ukdg0Uyr0K5zhPldEtoV4OlGGE9uKZPXz+p7ANn2Hw7AZdyUU02OQ9OtBjQ0SdR3xMUBNRVTAdKn21rt1jCvDqVR356CD5s+uOqI3WD/Ltx4xmzu1bRnglU7FJgcfVa6j7JyolCAT7XClF+UwuPzLfwR
Just for some sense of understanding the scope of this, I suspect that many
IdPs are experiencing this, but perhaps do not realize it. Looking over the
SPs that we federate with who only require ePTID[1], most of them appear to
be
library or online training providers, where the only[2] impact is the loss of
reading history or training history. And that may not be noticed by the end
user. Basically, if I log into OnlineTrainingService, will I ever notice that
it doesn't remember that I took Excel training last year?
I do like the idea of some commonly-available "attribute diff" tool that
could
make discovering this change easier. Obviously, it is something that you can
figure out through careful testing during the IdP upgrade, but it would be
fairly easy to overlook if you didn't specifically search for it.
Jacob
[1] We release this by default to InC members, so I can only look where we
have explicitly released it in a bilateral federation.
[2] I know that there are cases where this is nontrivial.
-----Original Message-----
From:
[mailto:]
On Behalf Of Basney, Jim
Sent: Thursday, June 8, 2017 9:26 AM
To:
Subject: Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
On 6/8/17, 6:36 AM, Scott Koranda wrote:
> We will plan to notify the IdP operator of the issue, but often the
> IdPs that present this issue also have incorrect contact information
> in metadata and/or do not respond on a timescale useful to the VO, so
> it is better from the VO perspective to just use the normal vetting
> process to process the "new" enrollment and get the user back to accessing
> the SPs.
Indeed. When CILogon attempted on Monday to notify an InCommon IdP operator
about their ePTIDs changing, the mail bounced ("User unknown"). We're looking
forward to the checks for contacts in metadata that are part of the planned
Baseline Expectations Implementation [1]. I'm also looking forward to using
the ORCID iD linking added in the recent COmanage release to help us avoid
re-vetting users, since ORCID gives us long-lived persistent IDs. Until then,
we have no choice but to re-enroll the users (which we're doing for another
InCommon IdP this week).
-Jim
[1] https://spaces.internet2.edu/x/05iTBg
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, (continued)
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Tom Scavo, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Rhys Smith, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Basney, Jim, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Keith Hazelton, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Tom Scavo, 06/08/2017
- RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Wessel, Keith, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Nick Roy, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Nick Roy, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Nick Roy, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Scott Koranda, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Basney, Jim, 06/08/2017
- RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Farmer, Jacob, 06/08/2017
- RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Cantor, Scott, 06/08/2017
- RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Farmer, Jacob, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Basney, Jim, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Keith Hazelton, 06/08/2017
- Re: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade, Tom Scavo, 06/08/2017
Archive powered by MHonArc 2.6.19.