Retire key use fixup in production and WAYF aggregates

See ukf/ukf-meta#109.
internet2 · Feb 10, 2017 · 54623c0 · 54623c0
1 parent f2021d9
commit 54623c0
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 7 deletions.
diff --git a/mdx/uk/README.md b/mdx/uk/README.md
@@ -43,6 +43,12 @@ The production maturity pipeline consists of:
 In this arrangement, features are first introduced to the `test` variant of the aggregate for a period
 before being included in the `metadata` variant consumed by federation members.
 
+The following additional aggregates are normally kept in sync (where appropriate) with the production `metadata`
+aggregate:
+
+* `ukfederation-cdsall-unsigned.xml`
+* `ukfederation-wayf-unsigned.xml`
+
 Once a feature has been "in production" (present in the `metadata` variant) for a period, normally one month but
 subject to extension at Federation discretion, it will be introduced to the `back` variant. This provides a
 temporary "fallback" mechanism for entity owners whose entities have difficulty with a newly introduced
@@ -57,9 +63,6 @@ Status (2017-02-08):
 
 * the test aggregate implements a _blacklisting_ approach to entity attributes imported from eduGAIN,
 while the production aggregate implements the traditional entity attribute _whitelist_.
-* the test aggregate no longer implements the "key use" fixup required for pre-1.3.1 Shibboleth SPs.
-This adds the `use="signing"` XML attribute to `<KeyDescriptor>` elements present in IdP metadata
-without a `use` attribute. It is not needed for later releases of the Shibboleth SP.
 * The test aggregate normalises the `xenc` namespace to not use a prefix, as it is not very commonly used.
 
 ### Fallback Aggregate vs. Production Aggregate
@@ -70,3 +73,6 @@ Status (2017-02-08):
 instead of in each SAML `<Attribute>`. (2017-02-08)
 * The production aggregate defines the `mdattr` namespace prefix (used by entity attributes) on the document element
 instead of in each `<EntityAttributes>` element. (2017-02-08)
+* the production aggregate no longer implements the "key use" fixup required for pre-1.3.1 Shibboleth SPs.
+This adds the `use="signing"` XML attribute to `<KeyDescriptor>` elements present in IdP metadata
+without a `use` attribute. It is not needed for later releases of the Shibboleth SP. (2017-02-10)
diff --git a/mdx/uk/generate.xml b/mdx/uk/generate.xml
@@ -337,12 +337,10 @@
                 <ref bean="entityAttributes.whitelist"/>
                 <ref bean="uk_assemble"/>
                 <ref bean="stripWayfNamespace"/>
-                <ref bean="fixup_keyuse"/>
                 <ref bean="uk_finaliseProduction"/>
                 <ref bean="uk_normaliseNamespaces"/>
 
                 <!-- production aggregate MUST pass publishability test -->
-                <ref bean="check_fixup_keyuse"/>
                 <ref bean="checkPublishable"/>
                 <ref bean="errorTerminatingFilter"/>
 
@@ -407,12 +405,10 @@
                 <ref bean="stripEmptyExtensions"/>
 
                 <ref bean="stripMdattrNamespace"/>
-                <ref bean="fixup_keyuse"/>
                 <ref bean="uk_finaliseProduction"/>
                 <ref bean="uk_normaliseNamespaces"/>
 
                 <!-- WAYF aggregate MUST pass publishability test -->
-                <ref bean="check_fixup_keyuse"/>
                 <ref bean="checkPublishable"/>
                 <ref bean="errorTerminatingFilter"/>