
Metadata Distribution Subcommittee of the InCommon Technical Advisory Committee (TAC)


Teleconferences

Call details will be posted pending scheduling of the weekly meeting time and the closing of the Doodle Poll by end of day, Friday June 28th.

Mailing list

Posting address: md-distro@incommon.org (subscribe or unsubscribe)
Archives: https://lists.incommon.org/sympa/arc/md-distro
List homepage: https://lists.incommon.org/sympa/info/md-distro
General information about InCommon mailing lists: https://lists.incommon.org/sympa/help/introduction

Mission/Goals

The mission of the Metadata Distribution Subcommittee is to develop a future-facing technical strategy for the InCommon metadata signing and distribution system.

We currently sign metadata using a signing key and certificate that is rooted in a traditional CA. The CA root certificate expires Mar 29 20:34:00 2014 GMT. This working group will determine whether we simply renew, reissue, or come up with alternative approaches to signing the main InCommon public metadata aggregate.

The current method of metadata distribution relies on frequent local refreshes of a centrally maintained, monolithic metadata file containing all entities in the Federation. This distribution method will not scale if InCommon continues to grow at its current rate, and it is a poor fit for interfederation, where the set of entities a deployment must know about grows beyond a single aggregate. Therefore, this working group is intended to help define, develop, and encourage the deployment of a new model of metadata distribution. Analogies have been made to the shift from /etc/hosts files to DNS, but the Internet Border Gateway Protocol (BGP) is thought by some to be closer to what is needed. In any case, substantial preparatory work has been done (see this page summarizing TAC discussions).

Specific outcomes for this group:

  1. Determine the next phase for the metadata signing key.
  2. Discuss, explore, and develop alternative approaches to metadata distribution.

Deliverables for Phase 1

  1. KEY: Determine if the current metadata signing key and certificate need to be replaced or renewed
  2. DISTRIBUTION POINT: Determine the desirability, feasibility and impact of changing the InCommon MD distribution point, given a future of multiple use cases for the publishing of additional metadata aggregates, including the possibility of published per-entity metadata. The group may conclude that this deliverable is assignable to Phase 2.
  3. the following enhancements to the metadata production system:
  4. Based on current and future requirements, determine if the metadata signing key requires a traditional PKI (i.e., a valid certificate chain, CRLs, OCSP, etc.), or whether relying parties can instead pin the signing key or certificate directly
  5. Recommend a strategy for metadata signing into the foreseeable future

Deliverables for Phase 2

  1. Elicit and capture requirements around metadata distribution for a set of future use cases (tbd)
  2. Analyze and document alternative approaches to metadata distribution
  3. Recommend one or more methods of metadata distribution

Issues include:

  • new endpoints for signed XML metadata distribution
  • new signing key
  • MDX support
  • per-entity metadata
  • per-organization metadata
  • metadata aggregates based on self-asserted entity attributes
  • support for both XML and JSON formats (both signed)
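The distribution paragraph above and the per-entity and MDX items in this list describe the move from refreshing one monolithic aggregate to fetching single entities on demand. The following is an added example, not code from the InCommon page or the metadata production system, showing what a relying party does on the consuming side: it builds the per-entity request URL defined by the Metadata Query (MDQ) protocol draft that grew out of the MDX work, and it applies the validity checks (validUntil present, not expired, not implausibly far out, refresh at cacheDuration) that a consumer must enforce on any signed document, aggregate or per-entity, before using it. The MDQ base URL, the 14-day validity ceiling and the sample metadata are assumptions constructed for this example; the sample is unsigned, and a real consumer verifies the ds:Signature against a pinned signing key or certificate before any of this runs.

```python
"""Added example, not part of the InCommon page: consumer-side per-entity
lookup (MDQ, draft-young-md-query) and validity checks for signed SAML
metadata.

Assumptions not stated on the page: MDQ_BASE is a hypothetical query
service; SAMPLE_METADATA is constructed, unsigned, and describes fictitious
entities; the 14-day ceiling on validUntil is an example local policy.
"""
import hashlib
import re
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

MDQ_BASE = "https://mdq.example.org"  # hypothetical, not an InCommon endpoint
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"


def mdq_url(entity_id: str, transform: bool = True) -> str:
    """Request URL for one entity per the MDQ draft.

    The identifier is either the entityID itself or the transformed form
    "{sha1}" + lowercase hex SHA-1 of the entityID (which keeps long,
    slash-laden entityIDs out of the path).  Either way it is percent-encoded
    as one path segment, "/" and ":" included, so the server sees a single
    identifier rather than a nested path.
    """
    if transform:
        ident = "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    else:
        ident = entity_id
    return f"{MDQ_BASE}/entities/{urllib.parse.quote(ident, safe='')}"


def parse_xsd_datetime(value: str) -> datetime:
    """SAML metadata timestamps are xs:dateTime in UTC with a 'Z' suffix."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%dT%H:%M:%S.%fZ"):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    raise ValueError(f"unsupported xs:dateTime: {value!r}")


_DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def parse_xsd_duration(value: str) -> timedelta:
    """Subset of xs:duration used in cacheDuration: days/hours/minutes/seconds."""
    m = _DURATION.match(value)
    if not m or value in ("P", "PT"):
        raise ValueError(f"unsupported xs:duration: {value!r}")
    d, h, mi, s = (int(x) if x else 0 for x in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)


def check_validity(root: ET.Element, now: datetime,
                   max_validity: timedelta = timedelta(days=14)
                   ) -> Tuple[bool, str, Optional[datetime]]:
    """Decide whether a fetched document may be used and when to refetch it.

    Rules (the same ones Shibboleth's RequiredValidUntil filter enforces):
      - validUntil must be present; metadata with no expiry can never be
        retired by the publisher simply letting it age out;
      - validUntil must not be in the past, nor further out than max_validity,
        so an old but correctly signed document cannot be replayed for months;
      - the next refresh is the earlier of now + cacheDuration and validUntil.
    Returns (accept, reason, next_refresh).
    """
    valid_until = root.get("validUntil")
    if valid_until is None:
        return False, "validUntil missing", None
    expiry = parse_xsd_datetime(valid_until)
    if expiry <= now:
        return False, "validUntil has passed", None
    if expiry - now > max_validity:
        return False, "validUntil further out than policy allows", None
    refresh = expiry
    cache = root.get("cacheDuration")
    if cache is not None:
        refresh = min(refresh, now + parse_xsd_duration(cache))
    return True, "ok", refresh


def find_entity(root: ET.Element, entity_id: str) -> Optional[ET.Element]:
    """Pull one EntityDescriptor out of an aggregate (root may itself be one)."""
    tag = f"{{{MD_NS}}}EntityDescriptor"
    if root.tag == tag:
        return root if root.get("entityID") == entity_id else None
    for ed in root.iter(tag):
        if ed.get("entityID") == entity_id:
            return ed
    return None


def load_metadata(xml_text: str) -> ET.Element:
    return ET.fromstring(xml_text)


# Constructed sample: a two-entity aggregate, unsigned, fictitious entityIDs.
SAMPLE_METADATA = f"""<EntitiesDescriptor xmlns="{MD_NS}" Name="urn:mace:example:federation"
    validUntil="2013-09-01T00:00:00Z" cacheDuration="PT6H">
  <EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
"""

if __name__ == "__main__":
    root = load_metadata(SAMPLE_METADATA)
    now = parse_xsd_datetime("2013-08-31T12:00:00Z")
    print(check_validity(root, now))
    print(find_entity(root, "https://sp.example.org/shibboleth") is not None)
    print(mdq_url("https://idp.example.edu/idp/shibboleth"))
```

The validity checks are deliberately independent of how the document arrived: the same function runs over a full aggregate or a single EntityDescriptor returned by an MDQ server, which is what lets a deployment move between the two distribution models without changing its trust decision.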

Expected End Dates

Phase 1: End of August 2013
Phase 2: End of December 2013

Membership

Membership in the subcommittee is open to all interested parties. Members join the subcommittee by subscribing to the mailing list, attending the calls, and otherwise participating actively in the work of the subcommittee. The chair of the subcommittee is appointed by the InCommon TAC and is responsible for keeping the TAC informed regarding subcommittee status. John Krienke is the current chair.

References

tbd
