DRAFT

This document specifies recommendations for upstream metadata produced by eduGAIN participants. Failure to comply with these recommendations will result in a warning produced by the eduGAIN metadata validator.

The table below lists the currently implemented validator warnings. Those marked in red are actually specification errors and should be upgraded to validator errors (to be discussed within the eduGAIN SG).

Global warnings

Signing certificate expired


Warnings on entity level


md:EmailAddress in md:ContactPerson element should start with mailto: prefix

This violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error!

SIRTFI attribute present and security contact found but no http://refeds.org/metadata/contactType/security contactType

SIRTFI specification error

assurance-certification entity attribute is defined, but no appropriate md:ContactPerson set


shibmd:Scope with no regexp attribute

https://wiki.shibboleth.net/confluence/display/SC/ShibMetaExt+V1.0 recommendation

mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in md:Extensions element of EntityDescriptor


mdrpi:RegistrationPolicy not found


mdrpi:RegistrationInfo element defined more than once within a given md:Extensions element

This violates http://docs.oasis-open.org/security/saml/Post2.0/saml-metadata-rpi/v1.0/cs01/saml-metadata-rpi-v1.0-cs01.html section 2.1 therefore should be an error

mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces


mdattr:EntityAttributes element appears more than once within a given md:Extensions element 


Warnings on entity’s role level


mdui:PrivacyStatementURL does not start with http:// https://

Not a direct specification error, but probably should be considered as such?

mdui:GeolocationHint should start with geo: prefix

violation of http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-ui/v1.0/cs01/sstc-saml-metadata-ui-v1.0-cs01.pdf section 2.2.4 should be an error

mdui:UIInfo not found, no mdui:DisplayName and mdui:Description present

eduGAIN SAML profile Section 3

mdui:UIInfo with mdui:DisplayName found but mdui:Description not present

eduGAIN SAML profile Section 3

mdui:UIInfo found but mdui:DisplayName not present

eduGAIN SAML profile Section 3

mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description present

eduGAIN SAML profile Section 3

mdui:UIInfo found but no mdui:Logo element

eduGAIN SAML profile Section 3

this SP does not provide requested attribute specification

Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL found

Violates the CoCo spec

CoCo declared but md:RequestedAttribute element not found

Violates the CoCo spec

CoCo declared but mdui:PrivacyStatementURL and md:RequestedAttribute elements not found

Violates the CoCo spec
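
How five of the entity-level warnings listed above could be detected on a single md:EntityDescriptor, as an added example; this is not the eduGAIN validator's own code. The function name check_entity, the short warning labels, the entityID and the sample metadata are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "shibmd": "urn:mace:shibboleth:metadata:1.0",
}

# Constructed sample entity (not real federation metadata); it trips every check below.
SAMPLE = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" entityID="https://idp.example.org/idp">
  <md:Extensions>
    <mdrpi:RegistrationInfo registrationAuthority="https://fed.example.org"/>
    <mdrpi:RegistrationInfo registrationAuthority="https://fed.example.org"/>
    <mdattr:EntityAttributes><saml:Attribute Name="http://macedir.org/entity-category-support">
      <saml:AttributeValue> http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute></mdattr:EntityAttributes>
  </md:Extensions>
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:Extensions><shibmd:Scope>example.org</shibmd:Scope></md:Extensions>
  </md:IDPSSODescriptor>
  <md:ContactPerson contactType="technical"><md:EmailAddress>admin@example.org</md:EmailAddress></md:ContactPerson>
</md:EntityDescriptor>"""

def check_entity(xml_text):
    """Return the warnings (hypothetical short labels) raised by one md:EntityDescriptor."""
    entity = ET.fromstring(xml_text)
    found = []
    for mail in entity.findall("md:ContactPerson/md:EmailAddress", NS):
        if not (mail.text or "").strip().startswith("mailto:"):
            found.append("EmailAddress without mailto: prefix")
    for scope in entity.iter("{%s}Scope" % NS["shibmd"]):
        if "regexp" not in scope.attrib:
            found.append("shibmd:Scope with no regexp attribute")
    for ext in entity.iter("{%s}Extensions" % NS["md"]):
        # Counted per md:Extensions element, as the warning is worded.
        if len(ext.findall("mdrpi:RegistrationInfo", NS)) > 1:
            found.append("mdrpi:RegistrationInfo defined more than once")
    if not entity.findall("md:Extensions/mdrpi:RegistrationInfo/mdrpi:RegistrationPolicy", NS):
        found.append("mdrpi:RegistrationPolicy not found")
    for value in entity.findall(".//mdattr:EntityAttributes//saml:AttributeValue", NS):
        if value.text and value.text != value.text.strip():
            found.append("AttributeValue with leading/trailing whitespace")
    return found
```

Calling check_entity(SAMPLE) returns all five labels; an entity that uses mailto:, sets regexp on shibmd:Scope and trims its attribute values is left with only the two mdrpi findings.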

...