Merge remote-tracking branch 'upstream/master'

build.xml

@@ -2244,6 +2244,9 @@
     <target name="flow.verifyEdugain.output">
         <CHANNEL.do verb="verify" channel="int_edugain"/>
     </target>
+    <target name="flow.verifyEdugain.output.new">
+        <CHANNEL.do verb="verify.new" channel="int_edugain"/>
+    </target>
     <target name="flow.verifyEdugain.output.all">
         <CHANNEL.do verb="verify.all" channel="int_edugain"/>
     </target>
@@ -2294,7 +2297,7 @@
     <target name="check.mailing.list" depends="flow.uk.collect">
         <echo>Checking mailing list entries.</echo>
         <exec executable="perl" dir="${build.dir}">
-            <arg value="${build.dir}/addresses.pl"/>
+            <arg value="${utilities.dir}/addresses.pl"/>
         </exec>
     </target>
 
@@ -2423,7 +2426,7 @@
         <exec executable="perl" dir="${utilities.dir}"
             input="${temp.dir}/embedded.pem">
             <arg value="${utilities.dir}/check_embedded.pl"/>
-            <arg value="-q"/>
+            <arg value="${entities.dir}/expiry_whitelist.txt"/>
         </exec>
         <delete file="${temp.dir}/embedded.pem" quiet="true" verbose="false"/>
     </target>

charting/fetch.pl

@@ -7,7 +7,7 @@
 use Months;
 
 # Call git on the products directory
-my $git = "/usr/bin/env git -C ../../ukf-products";
+my $git = "/usr/bin/env git --git-dir ../../ukf-products/.git";
 
 $fn1 = 'aggregates/ukfederation-metadata.xml';
 $fn2 = 'aggregates/ukfederation-stats.html';

mdx/_rules/check_rands_member.xsl

@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_rands_member.xsl
+	
+	Checking ruleset containing rules associated with membership of the REFEDS
+	Research and Scholarship entity category, see:
+
+		https://refeds.org/category/research-and-scholarship/
+		
+	This ruleset reflects v1.3, 8-Sep-2016.
+
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+	xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
+	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="check_framework.xsl"/>
+
+    <!--
+    	Process entity category.
+	-->
+	<xsl:template match="md:EntityDescriptor
+		[md:Extensions/mdattr:EntityAttributes/saml:Attribute
+		[@NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri']
+		[@Name='http://macedir.org/entity-category']
+		/saml:AttributeValue[.='http://refeds.org/category/research-and-scholarship']
+		]">
+		<xsl:choose>
+			<!--
+				(Implicit) applies only to service providers.
+			-->
+			<xsl:when test="not(md:SPSSODescriptor)">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">REFEDS R+S only applies to service provider entities</xsl:with-param>
+				</xsl:call-template>        
+			</xsl:when>
+			<!--
+		        4.3.1
+
+        		The Service Provider [...] supports SAML V2.0 HTTP-POST binding.
+    		-->
+			<xsl:when test="not(md:SPSSODescriptor/md:AssertionConsumerService
+				[@Binding='urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST'])">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">REFEDS R+S requires SAML 2.0 POST support</xsl:with-param>
+				</xsl:call-template>        
+			</xsl:when>
+			<!--
+				4.3.3
+				
+				The Service Provider provides an mdui:DisplayName and mdui:InformationURL in metadata.
+			-->
+			<xsl:when test="not(md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:DisplayName)">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">REFEDS R+S requires mdui:DisplayName</xsl:with-param>
+				</xsl:call-template>        
+			</xsl:when>
+			<xsl:when test="not(md:SPSSODescriptor/md:Extensions/mdui:UIInfo/mdui:InformationURL)">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">REFEDS R+S requires mdui:InformationURL</xsl:with-param>
+				</xsl:call-template>        
+			</xsl:when>
+			<!--
+				4.3.4
+
+				The Service Provider provides one or more technical contacts in metadata.
+			-->
+			<xsl:when test="not(md:ContactPerson[@contactType='technical'])">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">REFEDS R+S requires one or more technical contacts</xsl:with-param>
+				</xsl:call-template>        
+			</xsl:when>
+		</xsl:choose>
+	</xsl:template>
+
+</xsl:stylesheet>

mdx/_rules/check_rands_support.xsl

@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+
+	check_rands_support.xsl
+	
+	Checking ruleset containing rules associated with the REFEDS
+	Research and Scholarship entity support category, see:
+
+		https://refeds.org/category/research-and-scholarship/
+		
+	This ruleset reflects v1.3, 8-Sep-2016.
+	
+	Author: Ian A. Young <ian@iay.org.uk>
+
+-->
+<xsl:stylesheet version="1.0"
+	xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+	xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+	xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
+	xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+	xmlns="urn:oasis:names:tc:SAML:2.0:metadata">
+
+	<!--
+		Common support functions.
+	-->
+	<xsl:import href="check_framework.xsl"/>
+
+	<!--
+        Process entity support category.
+    -->
+	<xsl:template match="md:EntityDescriptor
+		[md:Extensions/mdattr:EntityAttributes/saml:Attribute
+		[@NameFormat='urn:oasis:names:tc:SAML:2.0:attrname-format:uri']
+		[@Name='http://macedir.org/entity-category-support']
+		/saml:AttributeValue[.='http://refeds.org/category/research-and-scholarship']
+		]">
+		<xsl:choose>
+			<!--
+                (Implicit) applies only to identity providers.
+            -->
+			<xsl:when test="not(md:IDPSSODescriptor)">
+				<xsl:call-template name="error">
+					<xsl:with-param name="m">REFEDS R+S support only applies to identity provider entities</xsl:with-param>
+				</xsl:call-template>        
+			</xsl:when>
+		</xsl:choose>
+	</xsl:template>
+
+</xsl:stylesheet>