Global Metadata Import Process

The global eduGAIN metadata import process is built on top of two independent operations:

Phase 1 Import Operation:

1. GET the eduGAIN aggregate from the eduGAIN MDS server, verify its signature, and validate the validUntil date. If successful, continue with step 2; otherwise FAIL this Import Operation with notifications.

2. Write the aggregate to a pre-specified file location.

Phase 2 Aggregate Operation:

1. Read the eduGAIN aggregate from the file system, verify its signature, and validate the validUntil date. If successful, continue with step 2; otherwise FAIL this Aggregate Operation.

2. Combine the entities registered by InCommon with the entities imported from eduGAIN.

3. Sign and publish the combined aggregate.

4. Publish reports including 1) a diff between two consecutive combined aggregates and 2) the entities filtered from the eduGAIN aggregate.

A controller script executes the Import Operation in a cron job every 30 mins beginning at 9:00 am ET and ending at 2:30 pm ET. The Aggregate Operation is manually executed once at approximately 3:00 pm ET. This results in a comprehensive metadata signing process that spans multiple hours of the day:

On a typical day, every Import Operation will succeed (even though only one successful Import Operation is required). If a particular Import Operation fails, that failure will be reported and staff will be alerted, but in any case, the sequence of Import Operations will continue unabated until the Aggregate Operation is finally performed at approximately 3:00 ET. In this way, we keep our finger on the pulse of eduGAIN metadata distribution and ensure (with high probability) that the Aggregate Operation has access to a fresh local copy of the eduGAIN aggregate at the designated time.