Exported From Confluence, Fri, 29 Mar 2024 10:40:21 +0000 (UTC)
Agenda and Notes - 2016-09-07
Per-Entity Metadata Working Group - 2016-09-07
Agenda and Notes
[EtherPad used to create these notes: Agenda_and_Notes_-_2016-09-07.etherpad]
Dial in from a Phone:
Dial one of the following numbers:
+1.408.740.7256
+1.888.240.2560
+1.408.317.9253
195646158 #
Meeting URL (for VOIP and video): https://bluejeans.com/195646158
Wiki space: https://spaces.at.internet2.edu/x/T4PmBQ
Attendees
- Scott Koranda (LIGO)
- Michael Domingues (University of Iowa)
- David Walker (Internet2/InCommon)
- Tom Scavo, InCommon/Internet2
- Tom Mitchell (GENI)
- Ian Young
- IJ Kim, Internet2
- John Kazmerzak, University of Iowa
- Walter Hoehn, Memphis
- Rhys Smith, Jisc
- Phil Pishioneri, Penn State (leaving @14:25UTC)
- Chris Phillips, CANARIE
- Paul Caskey, Internet2
- Scott Cantor, tOSU
Agenda and Notes
- NOTE WELL: All Internet2 Activities are governed by the Internet2 Intellectual Property Framework. - http://www.internet2.edu/policies/intellectual-property-framework/
- NOTE WELL: The call is being recorded.
- Agenda bash
- Interim report/finding on IdP only aggregate
  - Any feedback from TAC or Steering?
  - What happens now?
  - Anything further needed from the working group?
  - TomS: The TAC accepted the interim report and will forward it to Steering as an FYI. (It doesn't require a Steering vote.) Nothing more is needed from the working group.
- Update from UK fed MDQ rollout (Rhys)
  - Moved UK federation infrastructure to Azure
  - Ian has created Shibboleth MDA pipelines to take a single aggregate and output per-entity files, then sign them (performed with HSM)
  - Symlinking SHA1 hash of entityID to per-entity file (and supports gzipped versions of each)
  - Result is an MDQ server (Apache) that serves static files that are generated whenever a new aggregate is created (once it's in production).
  - Not using commercial CDN at present (?)
  - Pipeline performance (N.B.: Uses a "top-of-the-line" HSM -- Thales nShield Connect): Generated 3605 files in 00:01:20
  - 10.45k is the average size of the per-entity metadata files
  - If you want to hit it, it's at http://mdq-test.ukfederation.org.uk/entities/
    - e.g. http://mdq-test.ukfederation.org.uk/entities/https:%2F%2Ftest-idp.ukfederation.org.uk%2Fidp%2Fshibboleth
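The static-file layout Rhys describes (one file per entity, a gzipped twin of each, and a symlink named by the SHA-1 hash of the entityID pointing at the per-entity file) can be reproduced in a few lines. The following is an added example, not code from the UK federation or the Shibboleth MDA pipeline. It assumes the per-entity file is named by the percent-encoded entityID exactly as it appears in the example URL above (with ':' left unencoded), that the symlink uses the MDQ protocol's "{sha1}" transformed-identifier form, and it writes unsigned bytes because the HSM signing step is out of scope here. The aggregate is a constructed stand-in, not real federation metadata.

```python
import gzip
import hashlib
import os
import tempfile
from urllib.parse import quote

# Constructed stand-in for a federation aggregate: entityID -> per-entity
# metadata bytes. Real metadata would be signed EntityDescriptor XML; the
# UK deployment signs with an HSM, which this example does not model.
SAMPLE_AGGREGATE = {
    "https://test-idp.ukfederation.org.uk/idp/shibboleth":
        b'<EntityDescriptor entityID="https://test-idp.ukfederation.org.uk/idp/shibboleth"/>',
    "https://sp.example.org/shibboleth":
        b'<EntityDescriptor entityID="https://sp.example.org/shibboleth"/>',
}


def sha1_identifier(entity_id):
    """MDQ 'transformed identifier': '{sha1}' followed by the lowercase hex
    SHA-1 of the entityID. This is the name the symlink is created under."""
    return "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


def encoded_identifier(entity_id):
    """Percent-encoded entityID as it appears after /entities/ in the request
    path. ':' is left unencoded to match the URL form shown in the notes
    (assumption: the per-entity file is named exactly this way)."""
    return quote(entity_id, safe=":")


def publish_per_entity(aggregate, out_dir):
    """Write one file per entity plus a .gz twin, then symlink the {sha1}
    name (and its .gz twin) to them. Returns {entityID: (file, symlink)}."""
    entities_dir = os.path.join(out_dir, "entities")
    os.makedirs(entities_dir, exist_ok=True)
    published = {}
    for entity_id, xml in aggregate.items():
        file_name = encoded_identifier(entity_id)
        link_name = sha1_identifier(entity_id)
        with open(os.path.join(entities_dir, file_name), "wb") as fh:
            fh.write(xml)
        with gzip.open(os.path.join(entities_dir, file_name + ".gz"), "wb") as fh:
            fh.write(xml)
        # Relative symlinks, so the whole tree can be copied or rsynced as a unit.
        os.symlink(file_name, os.path.join(entities_dir, link_name))
        os.symlink(file_name + ".gz", os.path.join(entities_dir, link_name + ".gz"))
        published[entity_id] = (file_name, link_name)
    return published


def serve(out_dir, identifier, gzipped=False):
    """What a static Apache server does for GET /entities/<identifier>: open
    the file of that name. Both identifier forms resolve to the same bytes."""
    path = os.path.join(out_dir, "entities", identifier + (".gz" if gzipped else ""))
    opener = gzip.open if gzipped else open
    with opener(path, "rb") as fh:
        return fh.read()


def round_trip(aggregate=SAMPLE_AGGREGATE):
    """Publish into a temp dir and check that every entity is reachable under
    both identifiers, plain and gzipped. Returns True when all reads match."""
    out_dir = tempfile.mkdtemp(prefix="mdq-")
    published = publish_per_entity(aggregate, out_dir)
    for entity_id, (file_name, link_name) in published.items():
        reads = [serve(out_dir, ident, gz)
                 for ident in (file_name, link_name) for gz in (False, True)]
        if any(r != aggregate[entity_id] for r in reads):
            return False
    return True


if __name__ == "__main__":
    print(round_trip())
```

Because the whole tree is regenerated from the aggregate and the symlinks are relative, a new aggregate can be published by building into a fresh directory and swapping it in; a client querying by hash or by URL-encoded entityID never sees a half-written tree. The signature inside each per-entity file remains what the client actually trusts; the file names and symlinks are only a lookup convenience.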
- Acceptable latency for our Requirements section
  - Where do we measure latency?
  - What numbers do we require?
  - Strawman: "The 99th percentile of response times for queries to the distribution layer must be less than 500ms, as measured from [the Internet2 backbone]"
    - Do we have a measurement point on [the Internet2 backbone]?
  - Over what period should we do these measurements?
  - How often should the measurements be taken?
  - The IdP could be instrumented to log response times. We could monitor selected IdPs.
    - We should request that instrumentation from the TIER project.
  - We'll change 500ms to 200ms at 99th percentile (David and Scott K will add further specifiers / decorations to this metric)
- Responsiveness/Performance
  - Ability to maintain the latency requirements over time -- should include target latency over rate of queries -- incorporate load for target metrics
  - Understanding the initial load to be placed on the servers is hard. Function of net federation login activity (future) as opposed to net aggregate size (current). We'll put the issue on Ops's road map.
  - The performance targets above will be measured on a monthly basis
  - Scott C: In the education space (as opposed to the commercial sector) we tend to have different seasonal load peaks
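The "99th percentile under 200ms, measured monthly" target above leaves open how often probes run, and that choice decides the outcome. The following added example (not code from the working group or any federation) evaluates the target over constructed probe data using the nearest-rank percentile method, which is an assumption since the notes do not name one. It shows why the "how often" question matters: with fewer than 100 probes in a month the 99th percentile is simply the slowest probe, so one outlier fails the month, whereas the same single outlier among 100 probes does not.

```python
from collections import defaultdict

TARGET_MS = 200   # the working group's revised target
PERCENTILE = 99   # "99th percentile of response times"

# Constructed probe measurements, not real data: (UTC timestamp, response ms).
# September: 10 probes, nine between 100 and 180 ms and one slow 450 ms reply.
# October: 100 probes, 99 between 100 and 198 ms and the same single 450 ms reply.
SAMPLE_PROBES = (
    [("2016-09-%02dT12:00:00Z" % (d + 1), 100 + 10 * d) for d in range(9)]
    + [("2016-09-30T12:00:00Z", 450)]
    + [("2016-10-%02dT%02d:00:00Z" % (1 + i // 4, 6 * (i % 4)), 100 + i) for i in range(99)]
    + [("2016-10-31T23:00:00Z", 450)]
)


def percentile_nearest_rank(samples, pct):
    """Nearest-rank percentile: the value at rank ceil(pct/100 * n) of the
    sorted samples. Integer arithmetic avoids floating-point rounding."""
    ordered = sorted(samples)
    rank = (pct * len(ordered) + 99) // 100
    return ordered[rank - 1]


def monthly_report(probes, target_ms=TARGET_MS, pct=PERCENTILE):
    """Group probes by calendar month (the YYYY-MM prefix of the timestamp)
    and return {month: (sample_count, p99_ms, meets_target)}."""
    by_month = defaultdict(list)
    for stamp, ms in probes:
        by_month[stamp[:7]].append(ms)
    report = {}
    for month, values in sorted(by_month.items()):
        p = percentile_nearest_rank(values, pct)
        report[month] = (len(values), p, p < target_ms)
    return report


def min_samples_to_exclude_max(pct):
    """Smallest n for which the pct-th nearest-rank value is not the largest
    sample, i.e. the probe count below which a single outlier decides the month."""
    n = 1
    while (pct * n + 99) // 100 >= n:
        n += 1
    return n


if __name__ == "__main__":
    for month, (n, p99, ok) in monthly_report(SAMPLE_PROBES).items():
        print(month, "n=%d p99=%dms %s" % (n, p99, "PASS" if ok else "FAIL"))
    print("probes per month needed before p99 differs from the max:",
          min_samples_to_exclude_max(PERCENTILE))
```

If the IdP-side instrumentation the group wants from TIER records one response time per metadata lookup, the sample count per month will be far above 100 for any busy IdP and the percentile is meaningful; a synthetic probe from a single backbone vantage point at, say, one query per hour gives about 720 samples, which is also enough. Whatever the cadence, the requirement text should state it together with the percentile and the period.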
- HTTPS and the TLS trust model for InCommon MDQ service
  - Further discussion of pros and cons
  - Consensus for report?
  - HTTPS is desirable, but not required in our specs (?)
    - Perhaps a Phase II item?
  - We'll need to decide what the certificate should be.
  - ScottC: At some point, we'll need to address validity times
    - These will probably be hours or days.
  - TLS can help mitigate the risk of getting stale metadata from a spoofed server.
    - To be clear, TLS is not a substitute for the signatures in the metadata.
  - We'll continue this discussion via email and in next week's call.
- Deployment architecture: CDN versus hosted servers
  - What are the discriminators other than cost?
  - (We ran out of time for this.)
- Charter review: what have we missed?
  - https://spaces.at.internet2.edu/display/perentity/Per-Entity+Metadata+Working+Group+Charter
  - Everyone please review this before next call to make sure we aren't missing anything.
- Timeline going forward (2 calls)
  - Propose that we focus on the report deliverable
  - Use calls to efficiently work through issues on text/diagrams
  - Any remaining time is spent brainstorming on discovery