This document is in the process of conversion from v1 and is still in draft form; any comments are welcome.
| ID | Condition evaluated | Reason |
|---|---|---|
| S1 | The signature exists and is valid | eduGAIN-profile section 4 |
| S2 | The signature can be validated with the public key configured for the federation metadata channel | eduGAIN-profile section 4 |
| S3 | The signature RSA key size is at least 2048-bit | eduGAIN-profile |
| | The signature was made using an explicit ID reference, not an empty reference | eduGAIN-profile section 4 |
| S4 | The signature reference refers to the document element | eduGAIN-profile section 4 |
| S5 | The signature's digest algorithm is at least as strong as SHA-256, and does not use MD5 | eduGAIN-profile section 4 |
| S6 | The signature's signature method is RSA with an associated digest at least as strong as ... and does not use MD5 or SHA-1 | eduGAIN-profile section 4 |
| S7 | The signature's transforms contain only these permissible values: | eduGAIN-profile section 4 |
Verification of metadata validity

| ID | Condition evaluated | Reason |
|---|---|---|
| A1 | The document element is md:EntitiesDescriptor | |
| A2 | All required namespaces are declared, that is xmlns:md, xmlns:mdrpi and xmlns:ds | |
| A3 | md:EntitiesDescriptor contains an md:Extensions element with an mdrpi:PublicationInfo element in which the publisher attribute is given and the creationInstant attribute exists | |
| A4 | The creationInstant attribute uses the dateTime format required by SAMLMeta and does not point to the future | SAMLMeta sec. 2.2.1 |
| A5A4 | The validUntil attribute in the EntitiesDescriptor element exists, can be converted to a time value and does not point to the past | SAML lines: 348; 316 |
| A5A6 | The validUntil attribute has a value not earlier than 120 hours (5 days) and not later than 2304 hours (28 days) after the creationInstant | eduGAIN-profile |
| A6A7 | The fetched document schema-validates against the following SAML metadata schemas: | |
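As an added example (not the eduGAIN validator's own code), the script below applies the conditions from both tables that can be checked offline to a constructed metadata aggregate: the document element (A1), the PublicationInfo attributes (A3), the creationInstant and validUntil conditions including the 120 to 2304 hour window, and the reference and algorithm conditions of rows S3 to S6. The namespace URIs, the sets of algorithm URIs treated as at least as strong as SHA-256, the UTC "Z" dateTime form and the sample document are assumptions made here.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
# Assumed sets of digest / RSA signature-method URIs counted as "at least as strong as SHA-256".
STRONG_DIGESTS = {"http://www.w3.org/2001/04/xmlenc#sha256", "http://www.w3.org/2001/04/xmlenc#sha512",
                  "http://www.w3.org/2001/04/xmldsig-more#sha384"}
STRONG_RSA = {"http://www.w3.org/2001/04/xmldsig-more#rsa-" + h for h in ("sha256", "sha384", "sha512")}
MIN_WINDOW, MAX_WINDOW = timedelta(hours=120), timedelta(hours=2304)  # 5 days and 28 days

def parse_instant(value):
    """UTC xs:dateTime with a 'Z' suffix (assumed reading of SAMLMeta 2.2.1); None if malformed."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z", value or ""):
        return None
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_metadata(xml_text, now):
    """Return {check: passed}; keys map to rows A1, A3, the creationInstant/validUntil rows and S3-S6."""
    root = ET.fromstring(xml_text)
    pub = root.find("md:Extensions/mdrpi:PublicationInfo", NS)
    created = parse_instant(pub.get("creationInstant")) if pub is not None else None
    until = parse_instant(root.get("validUntil"))
    ref = root.find("ds:Signature/ds:SignedInfo/ds:Reference", NS)
    uri = ref.get("URI", "") if ref is not None else ""
    digest = ref.find("ds:DigestMethod", NS) if ref is not None else None
    method = root.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    return {
        "document_element": root.tag == "{%s}EntitiesDescriptor" % NS["md"],
        "publication_info": pub is not None and {"publisher", "creationInstant"} <= set(pub.attrib),
        "creation_not_future": created is not None and created <= now,
        "valid_until_not_past": until is not None and until > now,
        "validity_window": None not in (created, until) and MIN_WINDOW <= until - created <= MAX_WINDOW,
        "explicit_reference": len(uri) > 1 and uri.startswith("#"),  # not an empty reference
        "reference_is_document": root.get("ID") is not None and uri == "#" + root.get("ID"),
        "digest_algorithm": digest is not None and digest.get("Algorithm") in STRONG_DIGESTS,
        "signature_method": method is not None and method.get("Algorithm") in STRONG_RSA,
    }
# Constructed aggregate: created 1 March, valid for 14 days (336 h), checked on 5 March 2024.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" ID="_agg1"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    validUntil="2024-03-15T12:00:00Z">
  <ds:Signature><ds:SignedInfo><ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#_agg1"><ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/></ds:Reference>
  </ds:SignedInfo></ds:Signature>
  <md:Extensions><mdrpi:PublicationInfo publisher="https://example.org" creationInstant="2024-03-01T12:00:00Z"/></md:Extensions>
  <md:EntityDescriptor entityID="https://idp.example.org/idp"/></md:EntitiesDescriptor>"""
NOW = datetime(2024, 3, 5, tzinfo=timezone.utc)
```

Cryptographic verification of the signature (S1, S2), the key size (S3), the transform list (S7) and schema validation are left out because they need the federation's public key, certificate parsing and the schema files.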