An open discussion list for topics related to the eduGAIN interfederation service.

[Ian Young <ian AT iay.org.uk>]

On 2019-11-25, at 13:03, Etienne Dysli Metref <etienne.dysli-metref AT switch.ch> wrote:

On 25/11/2019 11.39, Ian Young wrote:

I'd really prefer not to speculate on a version that old. You should
migrate to the current version (0.9.2) as soon as you can.

Is there any argument speaking for the urgency of such an upgrade?

The MDA hasn't really had security issues as such, but there have been a couple of changes in the java-support bundled with it which have security implications in obscure situations. I wouldn't say that was an urgent reason to upgrade though, except as a matter of principle.

Upgrading now would get you something that you can get support for, and move you past the majority of API changes so that when we finally get to 0.10/1.0, it's probably a much smaller thing.

0.8 and 0.9 also brought in a _ton_ of new features, so you can do a lot more with the current one than you could do in 2013.

I'll have to carefully plan that together with xmlsectool and MDA
configuration upgrades. I broke the SWITCHaai federation once, I'm not
eager to repeat the experience...

Understood. The good thing about most of what the MDA does is that you can just run both versions and compare the output and gain confidence in your upgrade that way.

I found out I could modify that template as was done in [1] to avoid
using this extension:

   <xsl:template match="ds:X509Certificate">
     <xsl:element name="ds:X509Certificate">
       <xsl:text>&#10;</xsl:text>
         <xsl:value-of select="translate(normalize-space(.),'
','&#x0a;')"/>
       <xsl:text>&#10;</xsl:text>
     </xsl:element>
   </xsl:template>

This has the same effect, except breaking lines at 64 characters, so
I'll go with that.

Seems reasonable.

    -- Ian

Attachment: smime.p7s
Description: S/MIME cryptographic signature