<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td class="mPadding0" style="padding-bottom: 20px;"
valign="top" align="left">
<table width="100%" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td valign="top" bgcolor="#FFFFFE" align="center">
<table class="mWidth100" style="width: 620px;"
cellspacing="0" cellpadding="0" border="0"
align="center">
<tbody>
<tr>
<td class="mHdrPadding" style="padding: 15px
0px;" valign="top" align="left">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td align="left">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td class="nb_title"
style="font-family: Arial,
Helvetica, 'Helvetica Neue',
sans-serif; font-size: 19px;
color: #000001; font-weight:
bold; line-height: 22px;"
align="left">SURFconext News
SP-edition 2020 #1</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td class="mHdrPadding" style="padding: 0px
0px;" valign="top" align="left">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td style="padding: 0px 0px;"
valign="top" align="left"><img
src="cid:part1.4CCE2C54.0BD6BA08@surfconext.nl"
alt="" moz-do-not-send="false"
class="" width="600" height="125"></td>
</tr>
<tr>
<td style="padding: 0px 0px;
line-height: 0px; font-size: 0px;"
valign="top" height="16"
align="left"><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
<table width="100%" cellspacing="0" cellpadding="0" border="0">
<tbody>
<tr>
<td class="mFlexPadding" style="padding-bottom: 5px;"
valign="top" align="center">
<table class="mWidth100" style="width: 660px;"
cellspacing="0" cellpadding="0" border="0" align="center">
<tbody>
<tr>
<td valign="top" align="left"><br>
<table width="100%" cellspacing="0" cellpadding="0"
border="0">
<tbody>
<tr>
<td class="mPadding0" style="padding-bottom:
20px;" valign="top" align="left">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td valign="top" align="left">
<table width="100%" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td class="mHide"
style="width: 12px;
line-height: 0px; margin:
0px; font-size: 0px;"
valign="top">
<h2> </h2>
</td>
<td style="height: 12px;
line-height: 0px; margin:
0px; font-size: 0px;"
height="12"
bgcolor="#FFFFFF"> </td>
<td class="mHide"
style="width: 12px;
line-height: 0px; margin:
0px; font-size: 0px;"
valign="top"> </td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td valign="top" bgcolor="#FFFFFF"
align="center">
<table class="mWidth100"
style="width: 620px;"
cellspacing="0" cellpadding="0"
border="0" align="center">
<tbody>
<tr>
<td class="nb_kop"
style="font-family: Arial,
Helvetica, 'Helvetica Neue',
sans-serif; color: #1570a6;
font-size: 15px;
line-height: 20px;
font-weight: bold; padding:
4px 0px 2px;" valign="top"
align="left"> </td>
</tr>
<tr>
<td valign="top" align="left">
<table width="100%"
cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<td valign="top"
align="left">This
newsletter will
bring you
information about
new developments
regarding
SURFconext, plans
for the future, tips
and tricks and will
appear on an
irregular basis.<br>
<br>
<b>Who receives this newsletter?</b><br>
All technical and
administrative
contacts of a
service connected to
SURFconext will
receive this
newsletter.
Subscribe <a
moz-do-not-send="true"
href="https://list.surfnet.nl/mailman/listinfo/surfconext-sp-newsletter">here</a>
and unsubscribe <a
moz-do-not-send="true"
href="https://list.surfnet.nl/mailman/options/surfconext-sp-newsletter">here</a>.<br>
<br>
For an overview of
all mailings by the
SURFconext team, see
the following page.<br>
<br>
In this edition:<br>
<br>
1. New Chrome
version changes the
way it treats
cookies<br>
2. Heads-up:
SURFsecureID key
rollover<br>
3. Keep your
security up to date
and remove TLS 1.0
and TLS 1.1<br>
4. Customer
satisfaction<br>
5. SP Dashboard:
let us know what you
think<br>
<br>
<h1>Chrome changes
the way it treats
cookies<br>
</h1>
As of version 80, which will be released on the 30th of January, Chrome changes the way it treats cookies. In
particular, it will
set a new default
for the SameSite
parameter in
cookies. It's
important to review
your software and
make sure you're not
affected by this new
behaviour, since it
could potentially
break the SURFconext
login.<br>
<br>
Before Chrome 80,
the default was
"SameSite=none". The
new default is
"SameSite=lax".
Furthermore, cookies that explicitly set this attribute also need to set the "secure" parameter. These changes could potentially break SAML implementations that have not set those attributes on their cookies.<br>
<br>
We have published
documentation that
includes some <a
moz-do-not-send="true"
href="https://wiki.surfnet.nl/display/surfconextdev/Default+cookie+SameSite+attribute+behaviour+change">background
information and
potential
mitigating
measures. </a><br>
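<br>
Added example (not SURFconext code): a Python check of Set-Cookie headers against the Chrome 80 rules described above, judged for the cross-site POST that delivers a SAML response to the SP, plus a rewrite to SameSite=None with Secure. The cookie name SPSESSION and the sample headers are constructed, and Chrome's temporary allowance for freshly set cookies on cross-site POSTs is ignored.<br>
<pre>

```python
# Added example: classify Set-Cookie headers under Chrome 80's SameSite rules.
# Simplification: Chrome's short-lived allowance for fresh cookies on
# top-level cross-site POSTs is ignored, so this is the strict outcome.

# Constructed sample headers; SPSESSION is a hypothetical SP session cookie.
SAMPLE = [
    "SPSESSION=abc123; Path=/; HttpOnly",
    "SPSESSION=abc123; Path=/; HttpOnly; SameSite=None",
    "SPSESSION=abc123; Path=/; HttpOnly; Secure; SameSite=None",
]

def parse_attributes(header):
    """Return the cookie attributes as a dict with lower-cased keys."""
    attrs = {}
    for part in header.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        if key:
            attrs[key.strip().lower()] = val.strip()
    return attrs

def chrome80_verdict(header):
    """How Chrome 80 treats the cookie on a cross-site SAML POST to the SP."""
    attrs = parse_attributes(header)
    if attrs.get("samesite", "").lower() == "none":
        # SameSite=None is only accepted together with Secure.
        return "sent" if "secure" in attrs else "rejected"
    # No attribute (new default Lax), explicit Lax or Strict:
    # the cookie is stored but not attached to a cross-site POST.
    return "withheld"

def harden(header):
    """Rewrite the header so the cookie is sent on the cross-site POST."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    kept = [p for p in parts[1:]
            if p.partition("=")[0].strip().lower() not in ("samesite", "secure")]
    return "; ".join([parts[0]] + kept + ["Secure", "SameSite=None"])

def audit(headers):
    """Map each header to its verdict and, if needed, a hardened replacement."""
    return {h: (chrome80_verdict(h),
                None if chrome80_verdict(h) == "sent" else harden(h))
            for h in headers}

if __name__ == "__main__":
    for header, (verdict, fix) in audit(SAMPLE).items():
        print(verdict, "|", header, "|", fix or "no change")
```

</pre>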
<h1>Heads-up:
SURFsecureID key
rollover<br>
</h1>
SURFsecureID will
migrate to a new
signing key because
the current one is
almost 5 years old
and will expire. <br>
<br>
If your service is
connected to
SURFsecureID, you
will need to take
action. Otherwise
users will not be
able to log in to
your service
anymore. Most SPs
can change their
SAML connection from
SURFsecureID to
SURFconext (and
we'll enable
SURFsecureID there).
Others will need to
import new
SURFsecureID
metadata containing
the new signing key.
We're working out
the details, so you
can read this
message as a
heads-up. <br>
<br>
We will contact each
SP directly via an
email to their
registered contact
email address with
more detailed
instructions.
SURFconext support
is available for any
questions or
assistance at <a
class="moz-txt-link-abbreviated"
href="mailto:support@surfconext.nl">support@surfconext.nl</a>.<br>
<h1
id="SPnewsjan2020-KeepyoursecurityuptodateandremoveTLS1.0andTLS1.1">Keep
your security up
to date and remove
TLS 1.0 and TLS
1.1</h1>
You need to keep traffic to your service secure so users can log on safely. If you support the protocols TLS 1.0 and TLS 1.1, you need to disable these and start supporting TLS 1.2.<br>
<br>
There are no fixes
or patches that can
adequately fix SSL
or deprecated TLS
versions to keep
user data safe. It
is important that
you upgrade as soon
as possible. Support
for TLS 1.0 and TLS
1.1 will be removed
from browsers in early 2020, so users will
be locked out of
your service if
secure versions are
not supported. When
you connected to
SURFconext we
assessed your
security measures
and rated your
service by using SSL
Labs. A+ is the
highest possible
rating. This rating
is subject to decay
and will go down in
February and will be
at most B if you
still support TLS
1.0 and TLS 1.1. If
this drops below B
we will be in touch.<br>
<br>
Consult the SSL Labs
website for an <a
moz-do-not-send="true"
href="https://www.ssllabs.com/ssltest/clients.html"> overview of
compatible user
agents</a> and
compatibility with
the secure TLS 1.2.
Read <a
moz-do-not-send="true"
href="https://wiki.surfnet.nl/pages/viewpage.action?pageId=10125388">our
wiki</a> on how to
keep an A rating (or
higher!).<br>
<h1>Customer
satisfaction<br>
</h1>
With 141 fully
completed
questionnaires (99
SP, 42 IdP), the
response of the last
SURFconext customer
satisfaction survey
was above
expectation. Thank
you all very much
for filling in the
questionnaire.<br>
<h4>Outcomes</h4>
As was the case last
time, the majority
of the respondents
are satisfied with
SURFconext. This is
shown by the nice
report figures. At
the same time, we
can see that there
is room for
improvement. You
mentioned a number
of specific topics,
such as a more
straightforward
connection process,
more self-service,
and integration with
other SURF services.<br>
<h4>What is the next
step?</h4>
We will be using the
coming period to
convert these topics
into concrete plans.
Many of the topics
mentioned are
already top
priority, but this
survey will enable
us to better
prioritise them.<br>
<h1>SP Dashboard:
let us know what
you think<br>
</h1>
<p>If you are
currently working
with the SP
Dashboard and you are missing features or see
things that could
be improved,
please let us know
at <a
class="moz-txt-link-abbreviated"
href="mailto:support@surfconext.nl">support@surfconext.nl</a>. In the
coming months we
will be working on
SP Dashboard. Your
input allows us to
better assess
which topics should be added first.<br>
<br>
The SURFconext <a
moz-do-not-send="true" href="https://sp.surfconext.nl/">Service Provider
Dashboard</a>
enables you to
manage your
service(s) on the
SURFconext
platform. It
allows you to
create, test and
edit entities
before promoting
them to
production. <br>
</p>
<br>
<hr></td>
</tr>
<tr>
<td valign="top"><br>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</body>
</html>