...
- Create a new self-signed signing certificate set to expire on December 18, 2037:
- https://md.incommon.org/certs/incommon.pem
- Make it possible to securely download the new signing certificate via the Federation Manager.
- On December 18, 2013, deploy a three new metadata aggregates:
- A new production metadata aggregate that uses the new self-signed certificate and a SHA2-based digest algorithm (specifically, SHA-256):
- http://md.incommon.org/InCommon/InCommon-metadata.xml
- A new fallback metadata aggregate that uses the new self-signed certificate and the SHA-1 digest algorithm (like we do now):
- http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml
- A new preview metadata aggregate that is aliased to the production metadata aggregate:
- http://md.incommon.org/InCommon/InCommon-metadata-preview.xml
- A new production metadata aggregate that uses the new self-signed certificate and a SHA2-based digest algorithm (specifically, SHA-256):
- Advise all deployments to migrate to one of the new metadata aggregates ASAP but no later than March 29, 2014.
- Replace the current metadata aggregate with a redirect to the fallback metadata aggregate on March 29, 2014.
- Retire the following resources on March 29, 2014:
- http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
- http://wayf.incommonfederation.org/InCommon/InCommon-metadata-test.xml
- https://wayf.incommonfederation.org/bridge/certs/incommon.pem
- https://wayf.incommonfederation.org/bridge/certs/ca.pem
- http://incommoncrl1.incommonfederation.org/crl/eecrls.crl
- http://incommoncrl2.incommonfederation.org/crl/eecrls.crl
- Sync the fallback metadata aggregate with the production metadata aggregate on June 30, 2014.
Wiki Markup Remove the redirect to the _fallback metadata aggregate_ on \[*date TBD*\].
...