An open discussion list for topics related to the eduGAIN interfederation service.

[Peter Schober <peter.schober AT univie.ac.at>]

Hey,

I've been asked by one of our federation members why/how their own
SAML SP isn't in compliance with the GEANT CoCo specification -- which
of course was news to me, as I'm not in the habit of curating and
publishing incorrect metadata:

Seemingly there is some process ("This is an automated message ...",
full text included below) sending out email claiming that their SP
"does not conform to the technical requirements of the Code of Conduct
Entity Category", but then leaves you guessing at what specificaly it
is they (or I) have done wrong ("have a look at and fix the
problem."). When asked the response seems to have been to ask their
"national identity federation".

Well, I (as the operator of said "national identity federation" in
question, and very likely the source of any errors here!) don't know
that something is wrong (or what specifically) -- and neither does the
CoCo monitor website for that particular entity:

https://monitor.edugain.org/coco/?f_id_sp=1447&f_entityID=vetuc&f_coc_found=1&f_last_seen=1&page=1&f_order=ts+desc&show=list_sp_tests&f_is_changed=1

So I advised them so ask the senders of that email to provide the
necessary information *what* *is* *wrong* with their entity. But it
seems while some process has determined that the SP (and/or its
registrar) has made an undisclosed mistake, and there's sufficiently
certain about that mistake to notify the owner of the affected entity,
noone is willing or able to tell the SP what that mistake is in the
two weeks (!) time that have passed since then.

How can "we" ("eduGAIN") be notifying entity owners about
"non-conformance" and not be able to tell them what specifically the
problem is?
If we don't know ourselfs we certainly shouldn't be sending out
notifications to entity owners.
And if we *do* know then I'd like to know why it's not possible to get
a clear statement about the source of the error (i.e., the reason for
sending that email to the SP owner) within 2 weeks time of sending the
notification, as the error must have been clear at the time the email
was generated.

Best regards,
-peter

----- Forwarded message from @vetmeduni.ac.at> -----

     From: monitor AT edugain.org
     Date: 02. September 2017 03:20
     To: ...@vetmeduni.ac.at
     Subject: SP metadata does not comply with the CoCo

     Dear admin of the Service Provider
     https://vetucation.vu-wien.ac.at/shibboleth

     This is an automated message sent by the system monitoring the technical 
conformance of the SAML Service Providers that claim the GEANT Data 
protection Code of Conduct entity category in eduGAIN.

     Your Service Provider does not conform to the technical requirements of 
the Code of Conduct Entity Category. Please have a look at and fix the 
problem.

     For more information on the CoCo requirements, see 
https://wiki.refeds.org/display/CODE/SAML+2+Profile+for+the+Data+Protection+Code+of+Conduct
     For more information on your failing monitoring result, see 
http://monitor.edugain.org/coco
     
-----------------------------------------------------------------------------------
     
----- End forwarded message -----