edugain-discuss AT lists.geant.org
Subject: An open discussion list for topics related to the eduGAIN interfederation service.
List archive
- From: Maja Wolniewicz <mgw AT umk.pl>
- To: edugain-discuss AT geant.net
- Subject: [eduGAIN-discuss] New eduGAIN validator feature
- Date: Tue, 07 Oct 2014 19:10:19 +0200
- List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
- List-id: eduGAIN discussion list <edugain-discuss.geant.net>
Hi all,
Following Brook's request on testing metadata conformance also against
eduGAIN database, I have added a new option.
Now if you usehttps://www.edugain.org/Metadata/?edugain=country_code,
things will be read from the eduGAIN database and used for checking with
the feed contents. If the database does not contain some important
information, like signing certificate, a warning will be displayed (you
can test it on Colombian metadata).
The signature of metadata is also tested with the certificate stored in
the database and also the certificates themselves are compared (using
SHA-256 fingerprints). When testing this feature we have discovered that
Belgium, Germany and France have reissued their certificates using the
same key pairs. This does not break signature validation, but we have an
inconsistency in the database and will want to rectify that soon.
Registration Authority is tested in the same way.
eduGAIN status page links now point to the validator called with this
new option.
Cheers,
Maja
--
Maja Gorecka-Wolniewicz mgw AT umk.pl
Uczelniane Centrum Information & Communication
Informatyczne Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University
Coll. Maximum, pl. Rapackiego 1, 87-100 Torun, Poland
tel.: +48 56-611-27-40 fax: +48 56-622-18-50 tel. kom.: +48-693032574
Attachment:
smime.p7s
Description: Kryptograficzna sygnatura S/MIME
- [eduGAIN-discuss] New eduGAIN validator feature, Maja Wolniewicz, 10/07/2014
Archive powered by MHonArc 2.6.19.