Skip to Content.
Sympa Menu

technical-discuss - RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade

Subject: InCommon Technical Discussions

List archive

RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade


Chronological Thread 
  • From: "Cantor, Scott" <>
  • To: "Farmer, Jacob" <>, "Basney, Jim" <>, "" <>
  • Subject: RE: [InC-Technical] ePTID changes caused by Shibboleth IdPv3 upgrade
  • Date: Thu, 8 Jun 2017 14:18:16 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is 128.146.163.17) smtp.mailfrom=osu.edu; illinois.edu; dkim=none (message not signed) header.d=none;illinois.edu; dmarc=pass action=none header.from=osu.edu;
  • Ironport-phdr: 9a23:B5prFRIXyj3bknwAPtmcpTZWNBhigK39O0sv0rFitYgXKv/yrarrMEGX3/hxlliBBdydsKMbzbSN+P6wEUU7or+5+EgYd5JNUxJXwe43pCcHRPC/NEvgMfTxZDY7FskRHHVs/nW8LFQHUJ2mPw6arXK99yMdFQviPgRpOOv1BpTSj8Oq3Oyu5pHfeQtFiT6/bL9oLRi7owrdu8gVjIB/Nqs/1xzFr2dSde9L321oP1WTnxj95se04pFu9jlbtuwi+cBdT6j0Zrw0QrNEAjsoNWA1/9DrugLYTQST/HscU34ZnQRODgPY8Rz1RJbxsi/9tupgxCmXOND9QL4oVTi+6apgVQTlgzkbOTEn7G7Xi9RwjKNFrxKnuxx/2JPfbIWMOPZjYq/RYdYWSGxcVchTSiNBGJuxYYsRAeQcIeZWoYrzp1UMohu/GQajC/jiyjBUinLyxaA2z/gtHAPA0Qc9H9wOqnPUrNDtOascT+261q/IzSnEb/NMwTv29ZXGfQwmofGQQbJ8f9faxE4zGAzfiFWQtYvlPymP2ugTqGWb6PFgVf+1h2E5tg5xvyGiy8ExgYfKnoIY0k3I+Tl2zYovKtC1SlR3bNCmHZdKqi2WKoR7Tts/T2xptys20KAKtYK5cSQQ1pgqyBzSZ+aaf4WJ7B/vTOiRLil7iX55fb+yghi//Eyhx+HgU8S7zUtFoylEn9TJrX8CzQLf582dRfRg4Eus2DCC3B3J5O5eO0A7j6/bJoYhwrEukpoTtlzOEDfqlUvxkKOaaFwo9/aq5Oj6e7nmoYSTOJFuhgH5L6QuhtewAeMlMggIQmeX4/y81Kfk/U3lXrpFkuE2kqjesJDcP8gbobO5AxNR0oYk7Ba/DC2q38gfnXkCNF5FeRSHgJb1O1zWPfz0Efiyj06jnTpp3fzLML/sDo/QInTen7rtZbN95FRdyAo3w9Bf/ZVUCrQZLf3vQEDxssDYDhgjMwCu3erqE9J91pgDWW6VHKCWLb7SvUeS5u0zO+mMeJMVuDHlJvgk4f7hkXg5mVoYfamu25sbcne4Hu5pI0mAfXrjnMsOEWcMvgo/UOPlklmCXSdOaHazRKIz+iw7CJm9DYrYQoCtgaeB3DugHpFIfGxGC1aMEWv2eIWeXfcDdj6SLtF7njMaSLehVtxp6Rb7/iHz0b9qNK6c2CQTspipnIx3/+PajxQ/7xR1EoKQ33zbCyk+tGoTQTInmOhdoEk3ggOB26FjhfFJPd1X4/JPVQYhc5PQ0ro+Q5ruVwnBeNaCQVLjTtS9CiwqVfowxdQJZkN6HZOllB+Jl362DrQVkb2ADZhx/qPH1GXqPO58zX3B0awmiR8hWMQZZkO8gasqvSPaAZLOiQHRrK2tabhWlHrG/WGfynDI5mlfSxM2XKnYCyNMLnDKpMj0sxuRB4SlDq4qZ04YkZaP
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:99
> I do like the idea of some commonly-available "attribute diff" tool that
> could
> make discovering this change easier. Obviously, it is something that you can
> figure out through careful testing during the IdP upgrade, but it would be
> fairly easy to overlook if you didn't specifically search for it.

I think we added something to our upgrade instructions about this, but since
it requires getting a sample of an ID from before the upgrade to compare to,
it makes it difficult to do much beyond documenting it. Even a test service
is
only helpful insofar as you can get somebody to poke it pre-update.

All in all, the real fix is "end use of pairwise ID for research sites" to
the
extent possible.

As long as people insist on upgrading by doing new installs, against our
advice, this is just going to keep happening for anybody that uses generated
IDs. 4.0, etc. No way to stop it. Not caring is the fundamental issue, and I
can't fault any SP for basing their decisions on what people care about.

-- Scott

Attachment: smime.p7s
Description: S/MIME cryptographic signature


Archive powered by MHonArc 2.6.19.

Top of Page