edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
- From: Brook Schofield <schofield AT terena.org>
- To: edugain-discuss AT geant.net
- Subject: Re: [eduGAIN-discuss] eduGAIN validator
- Date: Fri, 25 Oct 2013 16:50:47 +0200
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
It looks like NIST conformance (at least to part of the spec) is becoming a "de facto" standard, especially if UKf will only be interoperating with >=2048 key length (and other federations will surely follow this approach).
Hopefully this falls into "best practice" which defines the "clear rules" including having this listed in the validator. Interoperability is the goal so we need to raise the bar to ensure that as much of eduGAIN as possible "works" in practice. If there is a need to be specific about this - it is certainly something that can be clarified in an update to the metadata profile.
Thanks Peter for identifying the "size" of the problem (which currently isn't significant) and hopefully it can be rectified so that there isn't any loss of service.
On 25 October 2013 16:30, Peter Schober <peter.schober AT univie.ac.at> wrote:
* Ian Young <ian AT iay.org.uk> [2013-10-25 15:46]:
> On 25 Oct 2013, at 12:10, Peter Schober <peter.schober AT univie.ac.at> wrote:
> > Currently there are only 5 out of 222 entities with such keys, so
> > changes to those 5 entities within the remaining months of the year
> > seem very much doable
>
> Only if there is some pressure applied, I’d expect. People — even
> people you’d expect to take this kind of thing seriously — often
> find it hard to prioritise something that doesn’t actually stop
> their service from working. I brought this issue up with at least
> one of the entity deployers some months ago, with no result.
I've tickets with the 2 SPs (of those 5 entities) and I'm
optimistic this will be handled in time in this case.
The 3 remaining IdPs with 1024 bit keys are
https://idp.uniroma3.it/idp/shibboleth
https://login.ntua.gr/idp/shibboleth
https://aai.sztaki.hu/idp
Maybe colleagues from IDEM, GRNET and eduID.hu respectively will want
to help those institutions perform a key rollover.
But certainly for existing, possibly old entities from member
federations coming into the aggregate having clear rules in place
would be preferable.
-peter
--
===================================================
Brook Schofield, TERENA Project Development Officer
TERENA Secretariat, Singel 468 D, 1017 AW Amsterdam, The Netherlands
Tel +31 20 530 4488 Fax +31 20 530 4499 Mob +31 65 155 3991
www.terena.org