Differences
This shows you the differences between two versions of the page.
en:metadata_admin_tool:checklist [2019/02/13 16:23] – Silke Meyer | en:metadata_admin_tool:checklist [2019/04/30 16:47] – Silke Meyer | ||
---|---|---|---|
Line 5: | Line 5: | ||
{{: | {{: | ||
+ | * If reading your new system' | ||
* If possible, please fill in all fields. Correct your data when you see red warning messages. | * If possible, please fill in all fields. Correct your data when you see red warning messages. | ||
* Display Name: the name of your organization, | * Display Name: the name of your organization, | ||
* Description: | * Description: | ||
* Information URL: the website of your organization, | * Information URL: the website of your organization, | ||
- | * **Privacy Statement URL**: Please provide the link to your **data privacy statement**. This field is mandatory for Service | + | * **Privacy Statement URL**: Please provide the link to your **data privacy statement**. This field is mandatory for Service |
- | * The **logos** are fetched and shown in the discovery service (favicons of IdPs) resp. on IdPs' login screens. That is why they have clearly defined maximum sizes. Please scale your logos to make them fit. The small logo is supposed to be a favicon of 16 by 16 pixels. (SPs do not need to submit a favicon URL.) The big logo has to have a width of 64 to 240 pixels and a maximum height of 180 pixels. | + | * The **logos** are displayed |
- | * Please submit at leat four **contacts** per system: An administrative contact, a technical one, a support contact and a security contact. We recommend to use non-personalized email addresses, especially for the security contact which could be your Computer Emergency Response Team. If you do not have anything like that, put in the contact that responds in case of security incidents. Please make sure to keep those email addresses up to date! | + | * Please submit at least four **contacts** per system: An administrative contact, a technical one, a support contact and a security contact. We recommend to use non-personalized email addresses, especially for the security contact which could be your Computer Emergency Response Team. If you do not have anything like that, put in the contact that responds in case of security incidents. Please make sure to keep those email addresses up to date! |
* Have your X.509 certificate for SAML-based communication ready. We have an [[en: | * Have your X.509 certificate for SAML-based communication ready. We have an [[en: | ||
- | * IdP use DFN-PKI certificates. As of July 2019, only the **second generation of DFN-PKI certificates** will be valid. | + | * IdPs use DFN-PKI certificates. As of July 2019, only the **second generation of DFN-PKI certificates** will be valid. |
- | * SPs can use DFN-PKI certificates (if entitled | + | * SPs can use DFN-PKI certificates (if entitled), certificates issued by established commercial CAs, or self-signed certificates. |
* SSL certificates must not exceed a **validity of 39 months**. | * SSL certificates must not exceed a **validity of 39 months**. | ||
* For security reasons, we do no longer accept certificates that were created with a sha1 **signature algorithm**. Here is how you can check this, e.g. with openssl: | * For security reasons, we do no longer accept certificates that were created with a sha1 **signature algorithm**. Here is how you can check this, e.g. with openssl: | ||
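Review bot: The unchanged validity bullet says "SSL certificates must not exceed a validity of 39 months", while the parent bullet speaks of the "X.509 certificate for SAML-based communication" and the new side of the SP bullet lists self-signed certificates. It is therefore unclear whether the 39-month limit and the sha1 rejection also cover self-signed SP certificates. Suggest using one term throughout and stating explicitly which certificates the two rules apply to. The sha1 bullet also still reads "we do no longer accept"; "we no longer accept" would fit the same pass that fixed "leat" and "IdP use".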
Line 21: | Line 22: | ||
</ | </ | ||
- | * For Service Providers: If you need your SP to execute Attribute Queries or Artifact Queries, your SP certificate should have the client attribute set. If you request your certificate from DFN-PKI, please use the template called " | + | * For Service Providers: If you need your SP to execute Attribute Queries or Artifact Queries, your SP certificate should have the client attribute set. If you request your certificate from DFN-PKI, please use the template called " |
< | < | ||
openssl x509 -in example.org.crt.pem -noout -text | grep -A 1 " | openssl x509 -in example.org.crt.pem -noout -text | grep -A 1 " | ||
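Review bot: "should have the client attribute set" in the changed Service Provider bullet does not name the certificate field an administrator has to look for. Suggest naming it with the same string that the grep pattern in the openssl command below the bullet matches, so the requirement and the check can be compared directly.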
Line 28: | Line 29: | ||
</ | </ | ||
- | * Put your new system into our ** test federation** DFN-AAI-Test. Use our [[en: | + | * Put your new system into our ** test federation** DFN-AAI-Test. Use our [[en: |
{{: | {{: | ||
* If it does, submit a request to join DFN-AAI. | * If it does, submit a request to join DFN-AAI. |
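Review bot: The changed test federation bullet keeps the stray space inside the bold markup on both sides, "** test federation**"; suggest "**test federation**". The closing bullet "If it does, submit a request to join DFN-AAI." also depends on the preceding bullet for what "it" refers to, so a short explicit subject there would make the last step readable on its own.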