Dear XXX,
I extend an invitation on behalf of the GÉANT Trust and Identity Incubator for your participation in a workshop on the most valuable scenarios for validating signatures and related security aspects of SAML content produced by Service Providers within federations.
Our objective is to develop a scalable software or service solution that would assist in testing the security aspects of Service Providers' SAML deployments, with a specific emphasis on signature validation. This solution aims to automate and streamline testing scenarios, including the checking of signature validity, identifying vulnerabilities to signature wrapping attacks, and addressing real-life failures observed in SP deployments. The validation scenarios encompass self-testing by SPs for production readiness, onboarding testing by FedOps, periodic reviews of SPs by FedOps, and testing initiated by client institutions during compliance reviews.
Besides discussing the technical implementation with you, we seek to collaboratively explore technical, operational and legal requirements and risks, taking into consideration real-world arrangements, attitudes and other concerns.
For more details, please refer to the provided link: https://wiki.geant.org/display/GWP5/Scalable+testing+for+insecure+SAML+signature+validation
We hope you find this topic intriguing and that you are interested in participating in the proposed workshop.
Please make your interest known to us by responding to this message. We will send out a Doodle poll to select the date and time that suit the participants best. We aim to propose time slots in the week of January 22 for this meeting, but welcome your suggestions for alternative dates and times.
Sincerely,
YYY