Short Lived Certificate Service (SLCS)
ARCS SLCS Server
ARCS has a SLCS server at slcs1.arcs.org.au.
To enable your IdP with this service you will need to email help@arcs.org.au. See: SlcsAgreement
IdP Requirements
You will need to release the following attributes:
- urn:mace:dir:attribute-def:cn
- urn:mace:federation.org.au:attribute:auEduPersonSharedToken
- urn:mace:dir:attribute-def:mail
- urn:mace:dir:attribute-def:eduPersonAssurance (not required yet, but will be in the future)
Example ARP
<Rule>
    <Description>ARCS SLCS</Description>
    <Target>
        <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:exactShar">https://slcs1.arcs.org.au/shibboleth</Requester>
    </Target>
    <Attribute name="urn:mace:federation.org.au:attribute:auEduPersonSharedToken">
        <AnyValue release="permit"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:mail">
        <AnyValue release="permit"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:cn">
        <AnyValue release="permit"/>
    </Attribute>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonAssurance">
        <AnyValue release="permit"/>
    </Attribute>
</Rule>
Install the ARCS SLCS CA bundle
To install the ARCS SLCS CA bundle on a Globus-like system, do the following:
cd /etc/grid-security
wget --no-check-certificate https://slcs1.arcs.org.au/arcs-slcs-ca.tar.gz -O - | tar xvz
cd arcs-slcs-ca
cp * /etc/grid-security/certificates
The SHA1 hash of the tarball is:
c4e196d6ebc824f3a511ffcb2bd0e4e159b5e9d5 arcs-slcs-ca.tar.gz
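The download step above pipes the tarball straight into tar, so the published SHA1 is never compared with what was fetched. The following is an added example, not part of the original ARCS instructions, that saves the tarball first and unpacks it only if the hash matches; the function names, return codes and the member-name check are assumptions of this example.

```shell
#!/bin/sh
# Added example: check the CA bundle against the SHA1 published on this page
# before unpacking it. Function names and return codes are assumptions.

ARCS_SLCS_CA_SHA1="c4e196d6ebc824f3a511ffcb2bd0e4e159b5e9d5"  # from this page

# sha1_of FILE: print the lowercase hex SHA1 of FILE.
sha1_of() {
    sha1sum "$1" | awk '{print $1}'
}

# member_names_safe: read tar member names on stdin; succeed only if none is
# absolute or has a ".." path component (either could write outside DESTDIR).
member_names_safe() {
    ! grep -Eq '^/|(^|/)\.\.(/|$)'
}

# verify_and_extract FILE EXPECTED_SHA1 DESTDIR
# Returns 0 on success, 1 on hash mismatch, 2 on unsafe member names,
# 3 if the archive cannot be read or unpacked. Nothing is written on 1 or 2.
verify_and_extract() {
    file=$1; expected=$2; dest=$3
    actual=$(sha1_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "SHA1 mismatch for $file: got '$actual', expected '$expected'" >&2
        return 1
    fi
    listing=$(tar tzf "$file") || return 3
    if ! printf '%s\n' "$listing" | member_names_safe; then
        echo "refusing to unpack $file: unsafe member name" >&2
        return 2
    fi
    mkdir -p "$dest" && tar xzf "$file" -C "$dest" || return 3
}

# Usage on the grid host, with the URL and paths from the steps above:
#   cd /etc/grid-security
#   wget --no-check-certificate https://slcs1.arcs.org.au/arcs-slcs-ca.tar.gz
#   verify_and_extract arcs-slcs-ca.tar.gz "$ARCS_SLCS_CA_SHA1" . &&
#       cp arcs-slcs-ca/* /etc/grid-security/certificates
```

With --no-check-certificate the TLS connection is not authenticated, so this hash comparison is the only integrity check applied to the bundle.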
For vdt-update-certs-wrapper you will also need to edit
/opt/vdt/vdt/etc/vdt-update-certs.conf and add:
include=/etc/grid-security/arcs-slcs-ca/1ed4795f.0
include=/etc/grid-security/arcs-slcs-ca/1ed4795f.namespaces
include=/etc/grid-security/arcs-slcs-ca/1ed4795f.signing_policy
For SLCS clients, see https://projects.arcs.org.au/trac/slcs-client/
A SlcsAgreement - for each of the MARCs
-- SamMorrison - 19 Sep 2008
Topic revision: r29 - 22 Jan 2010 - 11:18:50 - SamMorrison