Page History

...

Verification of metadata validity

After a positive verification verification of integrity and originality (as decried in the previous section), the following validity verification is performed:steps are performed.

Verification of the document as a whole:

	condition evaluated	reason
A1	the document element is md:EntitiesDescriptor
A2	all required namespaces are declared, that is xmlns:md, xmlns:mdrpi, xmlns:ds.
A3	if md:EntitiesDescriptor contains md:Extensions element with mdrpi:PublicationInfo element in which the publisher attribute is given
A4	validUntil attribute in EntitiesDescriptor element exists, can be converted to a time value and it does not point to the past	SAML lines: 348; 316
A5	validUntil attribute with a value not earlier than 120 hours (5 days) and not later than 2304 hours (28 days) after the creationInstant	eduGAIN-profile
A6	the fetched document schema-validates against following SAML metadata schemas: saml-schema-metadata-2.0.xsd - namespace urn:oasis:names:tc:SAML:2.0:metadata saml-schema-assertion-2.0.xsd - namespace urn:oasis:names:tc:SAML:2.0:assertion saml-metadata-rpi-v1.0-csd01.xsd - namespace urn:oasis:names:tc:SAML:metadata:rpi shibboleth-metadata-1.0.xsd - namespace urn:mace:shibboleth:metadata:1.0 sstc-metadata-attr.xsd - namespace sstc-saml-metadata-ui-v1.0.xsd - namespace urn:oasis:names:tc:SAML:metadata:ui sstc-saml-idp-discovery.xsd - namespace urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol sstc-saml-metadata-algsupport.xsd - namespace urn:oasis:names:tc:SAML:metadata:algsupport xml.xsd - namespace http://www.w3.org/XML/1998/namespace xmldsig-core-schema.xsd - namespace http://www.w3.org/2000/09/xmldsig# xenc-schema.xsd - namespace http://www.w3.org/2001/04/xmlenc# ws-addr.xsd - namespace http://www.w3.org/2005/08/addressing ws-securitypolicy-1.2.xsd - namespace http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702 ws-authorization.xsd - namespace http://docs.oasis-open.org/wsfed/authorization/200706 ws-federation.xsd - namespace http://docs.oasis-open.org/wsfed/federation/200706 MetadataExchange.xsd - namespace http://schemas.xmlsoap.org/ws/2004/09/mex oasis-200401-wss-wssecurity-utility-1.0.xsd - namespace http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd oasis-200401-wss-wssecurity-secext-1.0.xsd - namespace http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd

...

Page tree

Versions Compared

Old Version 27

New Version 28

Key

Verification of metadata validity