New releases of federation documents and timeline for removal of features
Posted on Wednesday, 25 August 2021
We are pleased to announce that new versions of the FTS (Federation Technical Specifications) and TRP (Technical Recommendations for Participants) have been published at https://docs.ukfederation.org.uk/. This is the first revision since 2014. It announces a new service and provides a timeline for removal of features that have reached their end-of-life.
The main addition is that our MDQ (Metadata Query) Service is now formally in production. Section 4.3 of the FTS describes the service and notes that using MDQ to acquire metadata can dramatically reduce the required bandwidth and memory to operate an entity. The infrastructure has been running without a glitch since 2017 and many IdPs already use the service. Our documention at https://www.ukfederation.org.uk/content/Documents/MDQ will be updated in the near future to reflect this.
Some features now have a timeline for removal. Please consider each of these carefully:
1. The triple scope convention will be retired on 1 November 2021. This experimental feature intended to reduce the size of metadata is being discontinued. In the unlikely event that your Service Provider relies on a copy of the shibmd:Scope being present in the Extensions element of an entity's EntityDescriptor, instead of the typical location in the IDPSSODescriptor or AttributeAuthorityDescriptor, you will have to modify your deployment. You can test your deployment now against the test aggregate. Details in section 3.5.2 of the FTS.
ukfedlabel:UKFederationMember element will be retired on 1 November 2021 in favour of standardised Metadata extensions for Registration and Publication Information (mdrpi). This will be replaced by the UK federation's mdrpi:registrationAuthority URL on entities registered by the UK federation. IdP operators should review their attribute filtering rules to ensure that they do not have any which depend on the
ukfedlabel:UKFederationMember element. Similarly, SP operators which have authorization rules based on presence of this element should migrate to the new mechanism. You can test your deployment now against the test aggregate. Details in section 3.6.1 of the FTS.
3. The WAYF protocol on the UK federation CDS is deprecated and although no date has yet been set for the removal of the WAYF endpoint, service provider deployers are advised to migrate to the DS protocol endpoint as described in section 18.104.22.168 to avoid future disruption.
Edited by AlexStuart on 25 August 2021, at 08:17 PM