Metadata Distribution Working Group of the InCommon Technical Advisory Committee (TAC)
Weekly Teleconferences
TIME
Thursdays, 12pm ET | 9am PT
PHONE
(734) 615-7474 (please use if you do not pay for long distance)
(866) 411-0013 (toll-free in US and Canada)
Access Code: 0169395#
Action Items tracking
AI Add a third deliverable in phase 1 about communication to participants
AI FOPP will need to be updated. Necessary documentation around the signing key is important if not in a CP/CPS
AI Scott will email Leif about any IETF or related standards that address key management outside of the CP/CPS model
AI Tom will contact SSPHP devs to at least discuss the fingerprint-based-on-certificate-wrapper issue
AI InCommon Operations to discuss test and fall back environment for publishing MDAs.
AI John will review what REFeds has available on the Federation Policy template front.
AI John will draft a consensus for the working group to approve next meeting, in order to conclude its Phase 1
This working group has completed its discussions and recommendations.
Mailing list
Posting address: md-distro@incommon.org (subscribe or unsubscribe)
Archives: https://lists.incommon.org/sympa/arc/md-distro
List homepage: https://lists.incommon.org/sympa/info/md-distro
General information about InCommon mailing lists: https://lists.incommon.org/sympa/help/introduction
...
The current method of metadata distribution relies on frequent local refreshes of a centrally maintained, monolithic metadata file containing all entities in the Federation. This distribution method will not scale if InCommon continues to grow at an exponential rate or if interfederation is to succeed. Therefore, this working group is intended to help define, develop, and encourage the deployment of a new model of metadata distribution. Analogies have been made to the shift from /etc/hosts files to DNS, but the Internet Border Gateway Protocol (BGP) is thought by some to be closer to what is needed. In any case, substantial preparatory work has been done (see this page summarizing TAC discussions regarding Metadata Distribution).
Deliverables for Phase 1: COMPLETED
Determine the fate of the metadata signing key.
...
Phase 1 completion date: End of August 2013
Deliverables for Phase 2: COMPLETED
Discuss, explore, and recommend alternative approaches to metadata distribution.
...
- new endpoints for signed XML metadata distribution
- new signing key
- MDX support
- per-entity metadata
- per-organization metadata
- metadata aggregates based on self-asserted entity attributes
- support for both XML and JSON formats (both signed)
Phase 2 completion date: End of December 16 January 2013
Membership
Membership in the working group is open to all interested parties. Members join the working group by joining the mailing list, phone calls, and otherwise participating actively in the work of the group. The chair of the working group is appointed by the InCommon TAC and is responsible for keeping the TAC informed regarding working group status. John Krienke is the current chair.
Minutes
- 2013-11-07
- 2013-10-31
- 2013-08-29
- MD WG Meeting 2013-08-15
- MD WG Meeting 2013-08-08
- MD WG Meeting 2013-07-25
- MD WG Meeting 2013-07-18
- 2013-07-11 July 2013
References
InCommon Federation CA CPS -- PDF version online here. This CA is a long-standing self-signed CA, not to be confused with the InCommon Certificate service.
Lessons Learned so Far
Terms
- MD - metadata - SAML metadata for a given entity descriptor
- MDA - metadata aggregate - a signed set of entity descriptor metadata
- MDX - metadata query - a specification submitted to IETF, latest draft available here
Artifacts
- Phase 2 Recommendations
- Metadata Aggregates
- Sponsored Partner User Story
- Phase 1 Recommendations
- Metadata Query Protocol: A Consensus
- Phase 1 Recommendations to the InCommon TAC