Message sent from Nick Roy to the InCommon Community on April 1, 2020
Dear InCommon participants and site admins:
Please note that this message does not require action on your part; it relates to the internal method we use for signing metadata.
As with many of you, InCommon has had to take certain actions to adjust its operations to ensure continuity of critical infrastructure as a result of the COVID-19 pandemic. We have accelerated the timing for a planned change in the way we sign metadata. Currently, two people need to physically be in our Ann Arbor office each day to sign metadata. We have developed a signing process that can be accomplished without anyone needing to be physically present in Ann Arbor, but that maintains the high level of security needed for the signing.
Starting Wednesday, April 8, the metadata signing will move to an automated process. In short, we will retrieve the unsigned metadata from the Federation Manager in a secure location in our infrastructure. Signing will be performed by a slightly modified version of the current tested/documented tooling that signs metadata. The new process will use a tamper-proof Hardware Security Module (“HSM”) to sign without a human being needing to be physically present. The newly signed aggregate will then be deployed to our existing metadata distribution servers.
This metadata will be signed by the existing “legacy” metadata signing key, so no change is needed by you to make use of this new system. From the outside, everything will be the same. This change does not affect our new MDQ metadata distribution service, but is constructed using some of the same components.
We have provided additional information on this wiki page: https://spaces.at.internet2.edu/x/lAHvCQ. If you have any questions or concerns, please email help@incommon.org
Best Regards,
Nicholas Roy on behalf of InCommon Operations