Thought this might be of wider interest to people who might not
necessarily be registered as technical contacts. Have a good weekend
all :-)
Dear colleague,
You are receiving this message because you are a registered technical contact for an entity within the UK Access Management Federation for Education and Research. The purpose of this message is to remind you of a previously announced group of changes we are making to the format of the entity metadata published by the UK federation.
These changes will be implemented with tonight's (Fri 30-Jul-2010) metadata signing run. This message contains details of the "fallback" metadata aggregate you can configure your software to use should you encounter problems with the changes.
List of Changes
===============
UK federation metadata published starting with the daily update at the close of business on Friday, 30-Jul-2010 will incorporate the following major changes relative to current metadata:
* Signatures will be performed using the new xmlsectool application from the OpenSAML project. This replaces the metadatatool application distributed as part of the Shibboleth 1.3 Identity Provider software, which has now reached End of Life status.
* The document element now includes an ID element which is referenced in the signature. This brings the signatures on federation metadata in line with the SAML standard.
* Empty elements are now self-closing, rather than including both opening and closing tags.
* Much of the whitespace in the document is now normalised: leading space is "tabified" and line endings use newline characters only.
* XML namespaces, and the associated prefix declarations, are handled much more cleanly. Ideally, all namespaces are referenced just once on the document element. In some cases, namespace prefixes are used where literal namespaces previously appeared. Some namespace prefixes have changed, particularly where multiple prefixes were previously in use for the same namespace.
As well as better standards compliance, the new metadata format reduces the size of the published federation metadata by around 28%.
Fallback Metadata
=================
If you encounter problems with the revised metadata profile, you can configure your software to make use of the "fallback" metadata aggregate for a limited period. This aggregate makes use of the previous metadata profile, and will be available for at least one month after the implementation date for use by affected members. The fallback aggregate is located here:
http://metadata.ukfederation.org.uk/ukfederation-back.xml
If you make use of the fallback aggregate, please make sure that you notify the federation helpdesk so that we are aware of all affected members.
If you have any additional questions or concerns about these changes, please contact the federation helpdesk in the usual way.
-- Ian Young, SDSS and UK federation
|