An open discussion list for topics related to the eduGAIN interfederation service.

[Peter Schober <peter.schober AT univie.ac.at>]

Dear all,

DFN thankfully publishes a list of some SPs known (or believed[1]) to
*not* support AES-GCM encryption (the default algorithm used by new
installs of the Shibboleth IDP v4 software, for example):
https://doku.tid.dfn.de/de:shibidp:config-encryption

Could we all please coordinate the amendment of these (but really,
all) SPs we each register and publish with approproate values for the
md:EncryptionMethod element?

Also, in cases where there's evidence that the published metadata is
incorrect or suboptional (e.g. only mentions AES-CBC even though the
SP should also support AES-GCM) I'd also urge you to please make the
additional effort of informing the registrar in question, asking them
to (ask their SP to) correct this.

The copy of any SPs metadata in eduGAIN should ideally reflect the
state of the art (in order to be most correct, complete and useful),
IMO.  And however far we are from archieving that it should be clear
that any efforts of only "fixing" such issues locally (e.g. for local
registrations effecting only the local federation membership) only
leads to needless duplication of effort and no economies of scale.

Best regards,
-peter

[1] E.g. for the Elsevier SP I think this is in fact incorrect based
    on auto-geenrated metadata from their Shibboleth SP software. at
    https://auth.elsevier.com/SHIRE/Metadata