...
New Alternative Means for SHA-2
https://spaces.at.internet2.edu/display/InCAssurance/2014/07/01/New+SHA-2+Alternative+Means
Alternative Means is now approved for campuses needing to move to SHA-2. It states "Identity Provider (IdP) Operators may continue to use SHA-1 to sign assertions through_ January 15, 2015 _ without compromise to their InCommon Assurance certification"
Question regarding eduroam:
At one point, eduroam was not compliant with SHA-1 because it used a non-compliant algorithm. Is that still an issue?
Comment: Now there is the AD alternative means
Jacob: I can't answer on behalf of AAC, With my Indiana University hat on, it makes a difference how you authenticate people for eduroam.
It involves a management assertion and an auditor's judgement.