Skip to Content.
Sympa Menu

edugain-discuss - Re: [eduGAIN-discuss] SP metadata does not comply with the CoCo

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

List archive

Re: [eduGAIN-discuss] SP metadata does not comply with the CoCo


Chronological Thread 
  • From: Peter Schober <peter.schober AT univie.ac.at>
  • To: edugain-discuss AT lists.geant.org
  • Subject: Re: [eduGAIN-discuss] SP metadata does not comply with the CoCo
  • Date: Tue, 19 Sep 2017 12:55:16 +0200
  • Authentication-results: prod-mail.geant.net (amavisd-new); dkim=pass (1024-bit key) header.d=univie.ac.at
  • Organization: ACOnet

Hey,

I've been asked by one of our federation members why/how their own
SAML SP isn't in compliance with the GEANT CoCo specification -- which
of course was news to me, as I'm not in the habit of curating and
publishing incorrect metadata:

Seemingly there is some process ("This is an automated message ...",
full text included below) sending out email claiming that their SP
"does not conform to the technical requirements of the Code of Conduct
Entity Category", but then leaves you guessing at what specificaly it
is they (or I) have done wrong ("have a look at and fix the
problem."). When asked the response seems to have been to ask their
"national identity federation".

Well, I (as the operator of said "national identity federation" in
question, and very likely the source of any errors here!) don't know
that something is wrong (or what specifically) -- and neither does the
CoCo monitor website for that particular entity:

https://monitor.edugain.org/coco/?f_id_sp=1447&f_entityID=vetuc&f_coc_found=1&f_last_seen=1&page=1&f_order=ts+desc&show=list_sp_tests&f_is_changed=1

So I advised them so ask the senders of that email to provide the
necessary information *what* *is* *wrong* with their entity. But it
seems while some process has determined that the SP (and/or its
registrar) has made an undisclosed mistake, and there's sufficiently
certain about that mistake to notify the owner of the affected entity,
noone is willing or able to tell the SP what that mistake is in the
two weeks (!) time that have passed since then.

How can "we" ("eduGAIN") be notifying entity owners about
"non-conformance" and not be able to tell them what specifically the
problem is?
If we don't know ourselfs we certainly shouldn't be sending out
notifications to entity owners.
And if we *do* know then I'd like to know why it's not possible to get
a clear statement about the source of the error (i.e., the reason for
sending that email to the SP owner) within 2 weeks time of sending the
notification, as the error must have been clear at the time the email
was generated.

Best regards,
-peter

----- Forwarded message from @vetmeduni.ac.at> -----

From: monitor AT edugain.org
Date: 02. September 2017 03:20
To: ...@vetmeduni.ac.at
Subject: SP metadata does not comply with the CoCo

Dear admin of the Service Provider
https://vetucation.vu-wien.ac.at/shibboleth

This is an automated message sent by the system monitoring the technical
conformance of the SAML Service Providers that claim the GEANT Data
protection Code of Conduct entity category in eduGAIN.

Your Service Provider does not conform to the technical requirements of
the Code of Conduct Entity Category. Please have a look at and fix the
problem.

For more information on the CoCo requirements, see
https://wiki.refeds.org/display/CODE/SAML+2+Profile+for+the+Data+Protection+Code+of+Conduct
For more information on your failing monitoring result, see
http://monitor.edugain.org/coco

-----------------------------------------------------------------------------------

----- End forwarded message -----



Archive powered by MHonArc 2.6.19.

Top of Page