An open discussion list for topics related to the eduGAIN interfederation service.

[Etienne Dysli Metref <etienne.dysli-metref AT switch.ch>]

Hi all,

(Sorry for the out-of-thread reply. I just subscribed to this list
because of this issue.)

> At 4:10pm CET, Chris Philips (Canarie) alerted us of an error that was
> preventing their MDA to correctly parse some entities in the eduGAIN
> feed. Canarie is using Shibbolteh MDA. The error was:
> 
> "ERROR - validateSchema reported: UndeclaredPrefix: Cannot resolve
> 'xs:string' as a QName: the prefix 'xs' is not declared."

Our old Shib MDA also choked the exact same way yesterday and I was
wondering why when the error suddenly disappeared... :O

> With the help of Ian Young we found out that:
> 1. what is causing the issue is that the "xs" namespace is declared in
> `EntitiesDescriptor` on the latest version of the eduGAIN MDS, versus
> per `AttributeValue` in the previous version.
> 2. we're hitting on an old Shibboleth MDA bug which is preventing the
> MDA to resolve namespaces declared "too far" from the element where they
> are used --- see https://issues.shibboleth.net/jira/browse/MDA-47
> 3. other identity federations using Shibboleth MDA, such as UKf and many
> others, were not hit by the issue because they strip out all the
> `xsi:type="xs:string"` elements as part of their aggregation process.

So what's the way out for users of the Shib MDA? Is there a release
where this bug is fixed (apparently not)? How can I configure the
workaround?

Also, as the person operating the metadata signing for SWITCHaai and
given that we consume the eduGAIN feed, where shall I keep myself
informed about such eduGAIN changes? Is this the right mailing list?

Cheers,
  Etienne

Attachment: signature.asc
Description: OpenPGP digital signature