
edugain-discuss - Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.


Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata


  • From: Tomasz Wolniewicz <twoln AT umk.pl>
  • To: edugain-discuss AT geant.net
  • Subject: Re: [eduGAIN-discuss] Tool to monitor which IdP consumes your SP's metadata
  • Date: Wed, 02 Jul 2014 12:03:59 +0200
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

Hi everyone,
I meant to send out an announcement at the beginning of next week, but as this has already popped up, here it is.

The eduGAIN signing certificate is indeed only valid till the end of the month.
We were hoping that by that time we would be ready with the new MDS and a new security setup that would make the key rollover both necessary and justified. However, taking into account the holiday season, we have decided to reissue the certificate with the same keys.
We will run this change first on mds-beta, which provides the same metadata as the "real" mds, so that people can check if things work fine for them, and then do the change on the main MDS and on the SHA-256 feed.

We will also be enabling the new MDS for testing with a temporary signing certificate, and when this goes through, we will generate the final production key pair. We will then provide two feeds for some time, allowing people time to do the switch.

I hope that this scenario sounds reasonable.
Tomasz



On 2014-07-02 11:27, Peter Schober wrote:
> > This will be pretty soon the case btw. as the eduGAIN signer cert
> > expires on Aug 1 18:43:32 2014 GMT... But as far as I know Tomasz and
> > Maya are aware of this and working on that.
> /If/ we agree that this needs to be done (the MDS is/should not be
> consumed by end entities' SAML implementations, so I'm not convinced
> of that yet) I'd suggest doing this rather soon (ASAP) as many will be
> on summer holidays by that time.
> -peter

-- 
Tomasz Wolniewicz    
          twoln AT umk.pl        http://www.home.umk.pl/~twoln

Uczelniane Centrum Informatyczne   Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika     Nicolaus Copernicus University,
pl. Rapackiego 1, Torun               pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750     fax: +48-56-622-1850       tel kom.: +48-693-032-576
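
Added example, not part of the original message or of any eduGAIN tooling: a metadata consumer can tell a reissue on the same keys from a key rollover by comparing the public key of the certificate it currently trusts with the one on the test feed, and can check how close the trusted certificate is to expiry. The function names, file names and the CN are assumptions, and the three certificates are constructed locally with `openssl` as sample input.

```shell
#!/bin/sh
# Added example: function names, file names and the CN are constructed for illustration.

# Print the SHA-256 hex digest of a certificate's public key (DER-encoded SPKI).
# Returns non-zero if the certificate cannot be parsed.
spki_fingerprint() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null |
        openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeed only if both certificates parse and carry the same public key.
same_key() {
    a=$(spki_fingerprint "$1") || return 1
    b=$(spki_fingerprint "$2") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed if the certificate expires within DAYS days.
# An unreadable certificate also counts as "expiring", so the check fails toward alerting.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample input: a short-lived "old" certificate, a "reissued"
# certificate on the same key, and a "rollover" certificate on a fresh key.
make_sample_certs() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/old.key" \
        -subj "/CN=constructed-signer" -days 10 -out "$d/old.pem" 2>/dev/null
    openssl req -x509 -new -key "$d/old.key" \
        -subj "/CN=constructed-signer" -days 730 -out "$d/reissued.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/new.key" \
        -subj "/CN=constructed-signer" -days 730 -out "$d/rollover.pem" 2>/dev/null
}

tmp=$(mktemp -d)
make_sample_certs "$tmp"
expires_within "$tmp/old.pem" 30 && echo "old: expires within 30 days"
same_key "$tmp/old.pem" "$tmp/reissued.pem" &&
    echo "reissued: same public key, only the certificate wrapper changed"
same_key "$tmp/old.pem" "$tmp/rollover.pem" ||
    echo "rollover: different public key, the trusted key must be replaced"
```

A consumer that pins the whole certificate (for example by certificate fingerprint) still has to install the reissued file even though `same_key` succeeds.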


