| Wiki Markup |
|---|
Deployers have multiple metadata aggregates from which to choose. This page outlines available options. Policy considerations and general configuration issues are discussed on the [Metadata Consumption] page. Guidance on how to configure specific [Metadata Client Software] is available elsewhere in this wiki.
{warning:title=InCommon metadata has moved!}
{div:style=padding-top:1.5ex;padding-bottom:1.5ex;}The legacy metadata aggregate on vhost {{wayf.incommonfederation.org}} was replaced by a permanent redirect (to the fallback metadata aggregate) on March 31, 2014:{div}
{code:language=bash}
# The legacy metadata aggregate no longer exists:
$ MD_LOCATION=http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml
$ curl --silent --dump-header /dev/tty $MD_LOCATION > /dev/null
HTTP/1.1 301 Moved Permanently
Date: Mon, 05 May 2014 11:58:38 GMT
Server: Apache
Location: http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml
Content-Length: 347
Connection: close
Content-Type: text/html; charset=iso-8859-1
{code}
{div:style=padding-top:0.5ex;}Moving forward, _no new metadata services_ will be deployed on vhost {{wayf.incommonfederation.org}}.{div}
{warning}
h2. Metadata Aggregates
{div:style=float:right;margin-left:1em;margin-bottom:1ex;width:22em}{note}Obtain a diff of consecutively published metadata aggregates via [web|https://wayf.incommonfederation.org/metadata-diff/prod-prod/?C=M;O=D] or [email|https://lists.incommon.org/sympa/info/metadata-diff]{note}{div}
Late in 2013, InCommon Operations introduced three new metadata aggregates at the following *permanent* HTTP locations:
* [http://md.incommon.org/InCommon/InCommon-metadata.xml] (production)
* [http://md.incommon.org/InCommon/InCommon-metadata-fallback.xml] (fallback)
* [http://md.incommon.org/InCommon/InCommon-metadata-preview.xml] (preview)
All metadata aggregates are signed using the same metadata signing key and the SHA-256 digest algorithm.
{info:title=Current Status of InCommon Metadata (as of July 1, 2014)}
{div:style=padding-top:1.5ex;}All metadata aggregates are in sync.{div}
{HTMLcomment:hidden}
_Production Metadata Aggregate_
* signed using the SHA-256 digest algorithm
_Fallback Metadata Aggregate_
* (identical to the Production Metadata Aggregate)
_Preview Metadata Aggregate_
* (identical to the Production Metadata Aggregate)
{HTMLcomment}
{info}
Metadata consumers choose exactly one of the above aggregates depending on the immediate requirements of their deployment.
{table-plus:columnAttributes=style="padding-left:1em;text-align:right;,style="padding-left:1em;padding-right:1em;text-align:center;,style="padding-left:1em;padding-right:1em;text-align:center;,style="padding-left:1em;padding-right:1em;text-align:center;",style="padding-left:1em;padding-right:1em;text-align:center;"}
|| || Availability || Stability || Reliability || Affinity ||
| _preview aggregate_ | 24x7 | experimental | leading edge | persistent |
| _production aggregate_ | 24x7 | stable | mainstream | persistent |
| _fallback aggregate_ | 24x7 | legacy | trailing edge | transient |
{table-plus}
Multiple metadata aggregates allow InCommon to deploy changes to metadata more quickly, easily, and safely.
h3. Production Metadata Aggregate
In the best possible world, a deployment would configure itself to refresh its metadata store from the _production metadata aggregate_ and that would be the end of it. The problem is that metadata aggregates are brittle by their very nature, that is, a small change to metadata may have unexpected effects downstream. If this happens, a deployment can “fall back” to a previous version of metadata that is known to be backward compatible.
h3. Fallback Metadata Aggregate
As suggested in the previous section, the _fallback metadata aggregate_ comes into play when a breaking change is inadvertently introduced into InCommon metadata. When a change is made to the production metadata aggregate, and that change breaks a downstream metadata process, an affected deployment can temporarily migrate to the fallback metadata aggregate. This gives the deployment time to adjust to the breaking change.
{tip:title=Consume the Fallback Aggregate?}
A deployment should consume fallback metadata only when it has to, that is, when it is unable to consume production metadata. Consuming the fallback metadata is a *temporary* measure while a deployment reacts to a breaking change in production metadata.
{tip}
The fallback metadata aggregate is _transient_ in the sense that backward compatibility is provided for a limited, predetermined period of time. This forces deployments to adjust to breaking changes to production metadata albeit in a controlled environment.
h3. Preview Metadata Aggregate
Like the fallback metadata aggregate, the _preview metadata aggregate_ helps manage the introduction of potentially breaking changes into InCommon metadata. Before such a change is deployed in production, it is first introduced in preview mode. Any issues that surface are addressed before the change is moved to production.
The preview metadata aggregate is designed for deployments on the leading edge, such as test and dev deployments. Such deployments are strongly encouraged to consume the preview metadata aggregate instead of the production metadata aggregate.
{tip:title=Consume Production or Preview Aggregate?}
An important decision point for each deployment is whether to consume the production metadata aggregate or the preview metadata aggregate.
{tip}
{anchor:export-aggregate}
h2. Export Aggregate
InCommon also exports metadata to [eduGAIN|https://www.edugain.org] for interfederation purposes:
* [http://md.incommon.org/InCommon/InCommon-metadata-export.xml] (export)
At this point, only a small subset of production metadata is exported to eduGAIN.
{code:language=bash}
# InCommon export aggregate distribution point
$ MD_LOCATION=http://md.incommon.org/InCommon/InCommon-metadata-export.xml
# Fetch the metadata and list the entityIDs of exported entity descriptors
$ MD_PATH=/tmp/metadata-export.xml
$ curl --silent $MD_LOCATION \
| tee $MD_PATH \
| grep -F ' entityID=' \
| sed 's/^.* entityID="\([^"]*\).*$/\1/'
{code}
Soon InCommon participants will be given the choice to export their metadata to eduGAIN (or not). Watch for announcements via the usual channels.
|
Page History
Overview
Content Tools