Phase 1 Implementation Plan
A plan to implement the Phase 1 Recommendations of the Metadata Distribution WG is emerging:
- Replace the current signing certificate with a long-lived, self-signed certificate using the current key pair. Set the new certificate to expire on December 18, 2037
- Deploy a new metadata aggregate using the new self-signed certificate. The new aggregate will be signed using a SHA2-based signing algorithm.
- Recommend that all deployments migrate to the new metadata aggregate asap. In particular, non-Shibboleth deployments (such as AD FS and CA SiteMinder) are strongly encouraged to migrate to the new metadata aggregate before April 2014 (which is when the signing certificate of the legacy CA expires).
Replace the current metadata aggregate with a redirect. [date TBD]
- Create a discussion list for administrators that have questions or experience problems regarding this transition.