en:tech:metadata-publication

Rozdíly

Zde můžete vidět rozdíly mezi vybranou verzí a aktuální verzí dané stránky.

Odkaz na výstup diff

Obě strany předchozí revize Předchozí verze
Následující verze
Předchozí verze
en:tech:metadata-publication [2012/08/21 05:37]
jpavlik@cesnet.cz Jiří Pavlík
en:tech:metadata-publication [2022/12/07 17:41] (aktuální)
Jan Oppolzer [Publication by S/MIME signed email] -CESNET CA +TCS
Řádek 19: Řádek 19:
 authorised personnel should submit metadata for a federation authorised personnel should submit metadata for a federation
 component. All members from the Czech academic community must use [[http://​en.wikipedia.org/​wiki/​S/​MIME|S/​MIME]] signed emails for metadata submissions. Signing certificates are component. All members from the Czech academic community must use [[http://​en.wikipedia.org/​wiki/​S/​MIME|S/​MIME]] signed emails for metadata submissions. Signing certificates are
-being issued by the [[http://www.cesnet.cz/pki/en/ch-intro.html|CESNET +being issued by the [[https://pki.cesnet.cz/cs/tcs-admin-root.html|TCS service]].
-CA]]. CESNET CA issues X509 certificates only to individuals who personally visit the CESNET RA Office.+
  
 The external members of the eduID.cz federation, especially those situated outside the Czech Republic, can use alternative ways of metadata The external members of the eduID.cz federation, especially those situated outside the Czech Republic, can use alternative ways of metadata
Řádek 33: Řádek 32:
 attachment by the respective administrative contact. The email must attachment by the respective administrative contact. The email must
 contain details, that allow the sender to be verified. The sender address must be the same as the one registered in the contain details, that allow the sender to be verified. The sender address must be the same as the one registered in the
-[[:en:eduid:​join:#​administrative_contact_registration|appointment+[[:​en:​join:#​administrative_contact_registration|appointment
 form]] and must contain valid S/MIME signature. The certificate used form]] and must contain valid S/MIME signature. The certificate used
 for the S/MIME signature must be issued to the person appointed as an for the S/MIME signature must be issued to the person appointed as an
Řádek 39: Řádek 38:
  
 List of accepted CAs: List of accepted CAs:
-  * [[http://​www.cesnet.cz/​pki/​en/​ch-personal.html|CESNET CA]] - this CA requires personal visit and is mainly working only for the Czech Academic Community. This CA is not suitable for external/​foreign partners situated outside the Czech Republic. 
-  * <​del>​CESNET Partner CA  - designated for external/​foreign partners. It provides personal certificates to the organisations willing to join the eduID.cz federation. CESNET Partner RA doesn'​t require a personal visit. Email and fax communication is sufficient. If you need a personal certificate issued by Partner CA, please [[eduid-admin@eduid.cz|send us request]].</​del>​ Not available at this moment. 
   * Any accredited commercial CA. If the administrative contact has a personal certificate issued by a commercial CA, it may be used as well, but first the issuer CA should be accredited by the operator of the eduID.cz federation. Send your requests to [[eduid-admin@eduid.cz]].   * Any accredited commercial CA. If the administrative contact has a personal certificate issued by a commercial CA, it may be used as well, but first the issuer CA should be accredited by the operator of the eduID.cz federation. Send your requests to [[eduid-admin@eduid.cz]].
- +  * Any CA that is currently issuing certificates via [[https://pki.cesnet.cz/cs/tcs-admin-root.html|TCS service]].
-==== Publication by email and FAX or mail ==== +
- +
-The following method may be used as an alternative way of metadata +
-submission, if there is no possibility to use S/MIME signed emails. +
- +
-The metadata need to be sent to [[eduid-admin@eduid.cz]] as an email +
-attachment by the respective administrative contact. The email must +
-contain details, which allow the sender to be verified. The sender email address must be the same as the one registered in the [[:en:​eduid:​join:#​administrative_contact_registration|appointment form]]. +
- +
-Along with the email a {{:​eduid:​resources:​download:​pruvodka-eduid.cz-20090615.doc|metadata +
-waybill}} must be faxed to number +420 224 313 211 or sent by post to address: +
- +
- +
-    eduID.cz admin +
-    CESNET, z. s. p. o. +
-    Zikova 4 +
-    160 00 Praha 6 +
-    Czech Republic +
- +
-:!: Scanned versions sent by email will not be accepted. +
- +
-=== SHA1 hash calculation on Linux === +
- +
-Simply use the program called sha1sum: +
- +
-    semik@doma:​$ sha1sum www.cesnet.cz.metadata.xml  +
-    51bbb62b3cd34dde716631bce445bb8ae39a906d ​ www.cesnet.cz.metadata.xml +
- +
-=== SHA1 hash calculation on Windows === +
- +
-On Windows you must first download the [[http://support.microsoft.com/​kb/​841290|fciv utility]]. The usage is simple: +
- +
-    E:\>fciv -sha1 www.cesnet.cz.metadata.xml +
-    // File Checksum Integrity Verifier version 2.05. +
-    51bbb62b3cd34dde716631bce445bb8ae39a906d www.cesnet.cz.metadata.xml +
- +
-=== SHA1 hash calculation on OS X === +
- +
-On Mac it is simple too: +
- +
-    MacBook-jp:​~ pavlik$ /​usr/​bin/​openssl sha1 www.cesnet.cz.metadata.xml +
-    SHA1(www.cesnet.cz.metadata.xml)= 51bbb62b3cd34dde716631bce445bb8ae39a906d+
  
  
 ===== Metadata distribution ===== ===== Metadata distribution =====
  
-The federation metadata are available at a location accessible through HTTP and maintained by the operator of the federation. The valid URLs as well as another tehcnical details are available in the [[..:details:]] section.+The federation metadata are available at a location accessible through HTTP and maintained by the operator of the federation. The valid URLs as well as another tehcnical details are available in the [[:cs:tech:​summary]] section.
Poslední úprava:: 2017/02/10 07:02