...
The significance column is meant for possible future use, i.e. grouping problems in order to solve the most important first. Proposed significance range is from 1 (least significant) to 5 (most significant). If found useful, this classification should be subject to a future discussion in the eduGAIN SG.
2-entity | 2 |
| Condition | Level | Significance | Reason |
---|
1 | Signing certificate expired | 1-global | 1 | Currently implemented as a validator warning. To be confirmed by the SG. |
2 | md:EmailAddress in md:ContactPerson element should start with mailto: prefix | 2-entity | 4 | This violates line 495 of https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf and should be considered an error! |
3 |
Wrong SIRTFI namespace used, xmlns: ... is not declared | 2-entity | 2 | SIRTFI specification error | 4 | Wrong SIRTFI namespace declared, should be http://refeds.org/metadata instead of ... | specification error5 | SIRTFI 6 declared appropriate md:ContactPerson setsecurity ContactPerson definition found | 2-entity | 2 | SIRTFI specification error |
786 | mdattr:EntityAttributes placed in md:Extensions element of SPSSODescriptor/IDPSSODescriptor, expected in md:Extensions element of md:EntityDescriptor | 2-entity | 1 | Since http://docs.oasis-open.org/security/saml/Post2.0/sstc-metadata-attr.html does not define appearance of this element in places other then md:Extensions element of EntityDescriptor it is most likely that the condition is a result of a mistake. |
97 | mdrpi:RegistrationPolicy not found | 2-entity | 3 | eduGAIN SAML profile Section 3 |
108 | mdattr:EntityAttributes element contains saml:AttributeValue with leading/trailing whitespaces | 2-entity | 3 |
11
|
9 | mdattr:EntityAttributes element contains duplicated saml:Attribute / saml:AttributeValue declaration | 2-entity | ?? |
12
|
10 | mdui:UIInfo found but mdui:DisplayName not present | 3-role | 3 | eduGAIN SAML profile Section 3 |
1311 | mdui:UIInfo found but no mdui:Logo element | 3-role | 1 | eduGAIN SAML profile Section 3 |
1412 | mdui:UIInfo / mdui:DisplayName does not have English value | 3-role | ?? |
15
|
13 | mdui:UIInfo not found, no mdui:DisplayName and mdui:Description present | 3-role (SP-only) | 3 | eduGAIN SAML profile Section 3 |
1614 | mdui:UIInfo with mdui:DisplayName found but mdui:Description not present | 3-role (SP-only) | 3 | eduGAIN SAML profile Section 3 |
1715 | mdui:UIInfo found but neither mdui:DisplayName nor mdui:Description present | 3-role (SP-only) | 3 | eduGAIN SAML profile Section 3 |
1816 | mdui:GeolocationHint value does not conform to coordinates specification [RFC5870] (missing longitude) | 3-role | 3 | RFC5870 |
1917 | Data Protection Code of Conduct declared but no mdui:PrivacyStatementURL found | 3-role | 4 | Violates the CoCo spec |
2018 | Data Protection Code of Conduct declared but md:RequestedAttribute element not found | 3-role | 4 | Violates the CoCo spec |
2119 | mdui:Logo content size is larger than 40000 and smaller than 50000 characters | 3-role |
| Decided by eduGAIN SG |
2220 | mdui:Logo content size is 50000 or more characters | 3-role |
| Decided by eduGAIN SG |
2321 | R&S Category declared but the SP does not provide required mdui:DisplayName | 3-role | 4 | R&S spec 4.3.3 |
2422 | R&S Category declared but the SP does not provide required mdui:InformationURL | 3-role (SP only) | 4 | R&S spec 4.3.3 |
2523 | R&S Category declared but the SP does not provide the required Binding urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST in md:AssertionConsumerService | 3-role (SP only) | 4 | R&S spec 4.3.1 |
2624 | R&S Category declared but the SP does not provide any technical contact | 2-entity | 4 | R&S spec 4.3.4 |
2725 | Some entities do not have an encryption certificate | 1-global |
28
|
|
26 | SP has a wrong signing certificate | 3-role (SP-only) |
29
|
|
27 | SP has no encryption certificate | 3-role (SP-only) |
|
|