
edugain-discuss - Re: [eduGAIN-discuss] SP metadata does not comply with the CoCo

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Lukas Hämmerle <lukas.haemmerle AT switch.ch>
  • To: edugain-discuss AT lists.geant.org
  • Cc: Miroslav Milinovic <miro AT srce.hr>
  • Subject: Re: [eduGAIN-discuss] SP metadata does not comply with the CoCo
  • Date: Tue, 19 Sep 2017 13:25:36 +0200
  • Organization: SWITCH

Hi Peter

The CoCo monitor has sent out quite a few of those false positive check
mails in the past weeks. Some of them then also ended up in the eduGAIN
e-Science Support ticket queue because SP admins were asking us what was
wrong with their SP. My guess is that the CoCo check failed to download
the privacy statement due to some temporary connectivity issues.
However, only the admins of the CoCo monitor might know more for sure.

Miro and team (who are operating the CoCo monitor) are informed already
about these issues. Also about the suggestion to improve the emails to
include the cause of why the check supposedly failed.

Best Regards
Lukas



On 19.09.17 12:55, Peter Schober wrote:
> Hey,
>
> I've been asked by one of our federation members why/how their own
> SAML SP isn't in compliance with the GEANT CoCo specification -- which
> of course was news to me, as I'm not in the habit of curating and
> publishing incorrect metadata:
>
> Seemingly there is some process ("This is an automated message ...",
> full text included below) sending out email claiming that their SP
> "does not conform to the technical requirements of the Code of Conduct
> Entity Category", but then leaves you guessing at what specifically it
> is they (or I) have done wrong ("have a look at and fix the
> problem."). When asked the response seems to have been to ask their
> "national identity federation".
>
> Well, I (as the operator of said "national identity federation" in
> question, and very likely the source of any errors here!) don't know
> that something is wrong (or what specifically) -- and neither does the
> CoCo monitor website for that particular entity:
>
> https://monitor.edugain.org/coco/?f_id_sp=1447&f_entityID=vetuc&f_coc_found=1&f_last_seen=1&page=1&f_order=ts+desc&show=list_sp_tests&f_is_changed=1
>
> So I advised them to ask the senders of that email to provide the
> necessary information *what* *is* *wrong* with their entity. But it
> seems while some process has determined that the SP (and/or its
> registrar) has made an undisclosed mistake, and there's sufficient
> certainty about that mistake to notify the owner of the affected entity,
> no one is willing or able to tell the SP what that mistake is in the
> two weeks (!) time that have passed since then.
>
> How can "we" ("eduGAIN") be notifying entity owners about
> "non-conformance" and not be able to tell them what specifically the
> problem is?
> If we don't know ourselves we certainly shouldn't be sending out
> notifications to entity owners.
> And if we *do* know then I'd like to know why it's not possible to get
> a clear statement about the source of the error (i.e., the reason for
> sending that email to the SP owner) within 2 weeks time of sending the
> notification, as the error must have been clear at the time the email
> was generated.
>
> Best regards,
> -peter
>
> ----- Forwarded message from @vetmeduni.ac.at> -----
>
> From: monitor AT edugain.org
> Date: 02. September 2017 03:20
> To: ...@vetmeduni.ac.at
> Subject: SP metadata does not comply with the CoCo
>
> Dear admin of the Service Provider
> https://vetucation.vu-wien.ac.at/shibboleth
>
> This is an automated message sent by the system monitoring the
> technical conformance of the SAML Service Providers that claim the GEANT
> Data protection Code of Conduct entity category in eduGAIN.
>
> Your Service Provider does not conform to the technical requirements
> of the Code of Conduct Entity Category. Please have a look at and fix the
> problem.
>
> For more information on the CoCo requirements, see
> https://wiki.refeds.org/display/CODE/SAML+2+Profile+for+the+Data+Protection+Code+of+Conduct
> For more information on your failing monitoring result, see
> http://monitor.edugain.org/coco
>
> -----------------------------------------------------------------------------------
>
> ----- End forwarded message -----
>


--
SWITCH
Lukas Hämmerle, Trust & Identity
GÉANT Project Task Leader of
eduGAIN Service Development - Research and Service Providers
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 05, direct +41 44 268 15 64
lukas.haemmerle AT switch.ch, http://www.switch.ch

30 years of pioneering the Swiss Internet. Celebrate with us at
https://swit.ch/30years



