You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Metadata Distribution Working Group of the InCommon Technical Advisory Committee (TAC)

Instructions for editing this page here.

Teleconferences

Call details will be posted pending scheduling of the weekly meeting time and the closing of the Doodle Poll by end of day, Friday June 28th.

Mailing list

Posting address: md-distro@incommon.org (subscribe or unsubscribe)
Archives: https://lists.incommon.org/sympa/arc/md-distro
List homepage: https://lists.incommon.org/sympa/info/md-distro
General information about InCommon mailing lists: https://lists.incommon.org/sympa/help/introduction

Mission/Goals

The mission of the Metadata Distribution Working Group is to develop a future-facing technical strategy for our metadata signing and distribution system.

We currently sign metadata using a signing key and certificate that is rooted in a traditional CA. The CA root certificate expires Mar 29 20:34:00 2014 GMT. This working group will determine whether we simply renew, reissue, or come up with alternative approaches to signing the main InCommon public metadata aggregate.

The current method of metadata distribution relies on frequent local refreshes of a centrally maintained, monolithic metadata file containing all entities in the Federation. This distribution method will not scale if InCommon continues to grow at an exponential rate or for interfederation to succeed. Therefore, this working group is intended to help define, develop, and encourage the deployment of a new model of metadata distribution. Analogies have been made to the shift from /etc/hosts files to DNS, but the Internet Border Gateway Protocol (BGP) is thought by some to be closer to what is needed. In any case, substantial preparatory work has been developed (see this page summarizing TAC discussions regarding Metadata Distribution).

Deliverables for Phase 1

Determine the fate of the metadata signing key.

  1. Determine if the current metadata signing key and certificate needs to be replaced or renewed.
  2. Determine if the key pair requires a traditional PKI.

Phase 1 completion date: End of August 2013

Deliverables for Phase 2

Discuss, explore, and recommend alternative approaches to metadata distribution.

  1. Elicit and capture requirements around metadata distribution for a set of likely future use cases
  2. Determine the desirability, feasibility, and impact of changing the InCommon metadata distribution point
  3. Analyze and document alternative approaches to metadata distribution
  4. Recommend one or more methods of metadata distribution for InCommon for the foreseeable future

Issues include:

  • new endpoints for signed XML metadata distribution
  • new signing key
  • MDX support
  • per-entity metadata
  • per-organization metadata
  • metadata aggregates based on self-asserted entity attributes
  • support for both XML and JSON formats (both signed)

Phase 2 completion date: End of December 2013

Membership

Membership in the working group is open to all interested parties. Members join the working group by joining the mailing list, phone calls, and otherwise participating actively in the work of the group. The chair of the working group is appointed by the InCommon TAC and is responsible for keeping the TAC informed regarding working group status. John Krienke is the current chair.

References

.tbd.

Attachments

  File Modified
No files shared here yet.
  • No labels