An open discussion list for topics related to the eduGAIN interfederation service.

[Maja Wolniewicz <mgw AT umk.pl>]

Hi all,

Following Brook's request on testing metadata conformance also against
eduGAIN database, I have added a new option.
Now if you usehttps://www.edugain.org/Metadata/?edugain=country_code,
things will be read from the eduGAIN database and used for checking with
the feed contents. If the database does not contain some important
information, like signing certificate, a warning will be displayed (you
can test it on Colombian metadata).

The signature of metadata is also tested with the certificate stored in
the database and also the certificates themselves are compared (using
SHA-256 fingerprints). When testing this feature we have discovered that
Belgium, Germany and France have reissued their certificates using the
same key pairs. This does not break signature validation, but we have an
inconsistency in the database and will want to rectify that soon.

Registration Authority is tested in the same way.

eduGAIN status page links now point to the validator called with this
new option.

Cheers,
Maja

--
Maja Gorecka-Wolniewicz              mgw AT umk.pl
Uczelniane Centrum                   Information  &  Communication
Informatyczne                        Technology Centre
Uniwersytet Mikolaja Kopernika       Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574

Attachment: smime.p7s
Description: Kryptograficzna sygnatura S/MIME