By Mikkel Hald, 24/11/25
WAYF’s metadata are the configuration details that connected systems need in order to communicate through WAYF; they are published in standardized XML documents, which can be found here.
The documents carry a digital signature from WAYF, so a system that reads them can verify that they really originate from WAYF by checking the signature against WAYF's public signing key for metadata (WAYF's signing "certificate"). That key is shown here on WAYF's website and can also be obtained by contacting the WAYF Secretariat. The key must be configured in the reading system in advance, taken from one of those sources: a key found inside the downloaded document itself proves nothing about who signed it.
Digital signing keys and signatures come in different lengths, and the longer they are, the harder they are to break or forge. WAYF's current (so-called RSA) key for metadata signing is 2048 bits long, which is still considered sufficiently secure; but to stay ahead of growing attack capacity, in the form of faster computers and improved algorithms, WAYF will switch on 1 December 2025 to a 3072-bit RSA key for signing its metadata documents. This maintains the security margin, but verifying (validating) the signatures is somewhat slower with the longer key, which is why one does not, in general, use longer keys than one's concrete security needs call for.
For user organisations and service providers in WAYF, the key change means the following. If your system reads metadata dynamically from WAYF, the new signing key must be configured in your system no later than 1 December 2025; if the system can hold several keys for validating the metadata signature, add the new key alongside the current one beforehand and remove the old one once the switch has taken place. If your system can hold only one key, you must replace WAYF's current key with the new one on 1 December itself, since metadata fetched before the switch validates only under the old key and metadata fetched after it only under the new. If, on the other hand, your system does not read metadata dynamically from WAYF but has a static, manually maintained configuration for WAYF, you need do nothing; this will likely be the case for the vast majority of organisations. The new key only becomes relevant for such a system if you later download and validate a fresh metadata document.
The new key is the lower one of the two shown at the bottom of this page and can also be obtained by contacting the WAYF Secretariat.
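The following Go program is an added example, not WAYF's code or the code of any WAYF-connected product, showing how a relying system handles the change described above: a trust store configured out of band with WAYF's signing keys, both keys accepted during the transition, the old key retired afterwards, a policy minimum on key length, and rejection of a tampered document. It generates its own 2048-, 3072- and 1024-bit keys locally as stand-ins for WAYF's real keys (the 1024-bit one only to show the minimum being enforced), uses a constructed placeholder in place of a real metadata document, and models the signature as RSASSA-PKCS1-v1_5 over SHA-256 of the document bytes; real XML-DSig uses the same primitive over a canonicalised SignedInfo element, and that canonicalisation is omitted here. The labels "wayf-2048" and "wayf-3072" are local names chosen for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// MinSigningKeyBits is the smallest RSA modulus this verifier accepts; the page
// describes 2048 bits as still sufficient, so anything shorter is refused outright.
const MinSigningKeyBits = 2048

// TrustStore holds the metadata signing keys a relying system has been configured
// with, out of band, before any document is checked. During a rollover it holds both
// the old and the new key; afterwards only the new one. Labels are local names.
type TrustStore struct{ keys map[string]*rsa.PublicKey }

func NewTrustStore() *TrustStore { return &TrustStore{keys: map[string]*rsa.PublicKey{}} }

// Add registers a signing key, refusing moduli below the policy minimum.
func (t *TrustStore) Add(label string, pub *rsa.PublicKey) error {
	if bits := pub.N.BitLen(); bits < MinSigningKeyBits {
		return fmt.Errorf("key %q: %d-bit modulus is below the %d-bit minimum", label, bits, MinSigningKeyBits)
	}
	t.keys[label] = pub
	return nil
}

// Retire drops a key once the publisher has stopped signing with it.
func (t *TrustStore) Retire(label string) { delete(t.keys, label) }

// SignMetadata models the publisher: RSASSA-PKCS1-v1_5 over SHA-256 of the document
// bytes. XML-DSig's rsa-sha256 uses the same primitive but over a canonicalised
// SignedInfo element rather than the raw file; that canonicalisation is omitted here.
func SignMetadata(priv *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
}

// Verify returns the label of the configured key under which the signature validates,
// or an error if none does. Trying every configured key is what lets a relying system
// accept documents signed with either the old or the new key during the transition.
func (t *TrustStore) Verify(doc, sig []byte) (string, error) {
	digest := sha256.Sum256(doc)
	for label, pub := range t.keys {
		if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil {
			return label, nil
		}
	}
	return "", errors.New("signature does not verify under any configured signing key")
}

// RolloverResult records what the relying system accepted or rejected at each stage.
type RolloverResult struct {
	ShortKeyRejected   bool   // a 1024-bit key must not be configurable
	OldDocBeforeRetire string // key label that validated an old-key signature with both keys configured
	NewDocBeforeRetire string // key label that validated a new-key signature with both keys configured
	OldDocAfterRetire  bool   // true if the old-key signature is rejected once the old key is retired
	NewDocAfterRetire  string // key label that validated the new-key signature after retirement
	TamperedRejected   bool   // true if a modified document fails to verify
}

// must panics on errors from key generation or signing, which only fail if the
// system's random source is broken; it keeps the scenario below readable.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// RolloverScenario walks through the key change: both keys configured during the
// transition, then the old key retired. The keys are generated locally as stand-ins
// for WAYF's real ones, and the document is a constructed placeholder.
func RolloverScenario() RolloverResult {
	var r RolloverResult
	oldKey := must(rsa.GenerateKey(rand.Reader, 2048))
	newKey := must(rsa.GenerateKey(rand.Reader, 3072))
	shortKey := must(rsa.GenerateKey(rand.Reader, 1024))
	doc := []byte(`<EntitiesDescriptor Name="constructed-example">...</EntitiesDescriptor>`)

	store := NewTrustStore()
	must(0, store.Add("wayf-2048", &oldKey.PublicKey))
	r.ShortKeyRejected = store.Add("too-short", &shortKey.PublicKey) != nil

	// Before the switch date: the new key goes in alongside the old one.
	must(0, store.Add("wayf-3072", &newKey.PublicKey))
	oldSig := must(SignMetadata(oldKey, doc))
	newSig := must(SignMetadata(newKey, doc))
	r.OldDocBeforeRetire, _ = store.Verify(doc, oldSig)
	r.NewDocBeforeRetire, _ = store.Verify(doc, newSig)

	// Once the publisher signs only with the new key, the old one is retired.
	store.Retire("wayf-2048")
	_, err := store.Verify(doc, oldSig)
	r.OldDocAfterRetire = err != nil
	r.NewDocAfterRetire, _ = store.Verify(doc, newSig)

	// A document altered in transit must fail whichever keys are configured.
	tampered := append([]byte(nil), doc...)
	tampered[len(tampered)/2] ^= 0x01
	_, err = store.Verify(tampered, newSig)
	r.TamperedRejected = err != nil
	return r
}

func main() {
	fmt.Printf("%+v\n", RolloverScenario())
}
```

A system that can hold only one key corresponds to a TrustStore with a single entry: documents signed with the other key fail until the entry is replaced, which is why such a system has to be switched on the changeover day itself. Generating the 3072-bit key takes a few seconds, so the program is not instantaneous.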
Due to the declining security of 2048-bit RSA keys, WAYF will also soon replace the one used for every login or logout transaction through WAYF — the so-called traffic key. All organisations participating in WAYF will be notified directly when this is to happen, and they will need to start configuring the new 3072-bit traffic keys. The transition should not affect many of WAYF’s user organisations; but service providers will need to have implemented the new configuration before the day on which WAYF retires its current 2048-bit traffic key. Both the old and the new keys will function during a transition period, so regardless of how one’s system is designed, it will be possible to switch with no downtime. But we will return to that later; here the focus is solely on the RSA key used to verify the digital signature on metadata from WAYF.

