Phase 2 Recommendations

  • Conduct a pilot study that explores the uses of per-entity metadata
    • The addressing of per-entity metadata shall conform to the Metadata Query Protocol
  • Conduct a feasibility study of the uses of hardware security modules
  • Participate in the samlbits.org project
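The first recommendation ties per-entity addressing to the Metadata Query Protocol, under which a client asks a responder for one entity's metadata at `/entities/<identifier>`, where the identifier is the entityID with every character outside the RFC 3986 unreserved set percent-encoded, or alternatively `{sha1}` followed by the hex SHA-1 of the entityID. The following Python is an added example written for this page, not code from the working group, InCommon or any MDQ implementation; the base URL and entityIDs are constructed placeholders.

```python
import hashlib
from urllib.parse import quote

# Constructed sample values (assumptions for this example, not InCommon's
# real responder or real registered entityIDs).
MDQ_BASE_URL = "https://mdq.example.org"
SAMPLE_ENTITY_IDS = [
    "https://idp.example.edu/idp/shibboleth",
    "urn:mace:incommon:example.edu",
]


def mdq_url_for_entity_id(base_url: str, entity_id: str) -> str:
    """Build the per-entity request URL: /entities/<percent-encoded entityID>.

    The protocol requires every character outside the RFC 3986 'unreserved'
    set to be percent-encoded. quote(safe='') does exactly that: it leaves
    only A-Z, a-z, 0-9, '-', '_', '.' and '~' unencoded, so ':' and '/' in
    an entityID become %3A and %2F rather than new path segments.
    """
    return f"{base_url.rstrip('/')}/entities/{quote(entity_id, safe='')}"


def mdq_url_for_sha1(base_url: str, entity_id: str) -> str:
    """Build the alternative form: /entities/{sha1}<hex SHA-1 of the UTF-8 entityID>.

    The braces are reserved characters, so on the wire they appear as %7B and
    %7D. The SHA-1 here is only an identifier transform (stable, URL-safe
    naming); the trust in the returned metadata comes from its XML signature,
    not from this hash.
    """
    digest = hashlib.sha1(entity_id.encode("utf-8")).hexdigest()  # lowercase hex
    return f"{base_url.rstrip('/')}/entities/{quote('{sha1}' + digest, safe='')}"


def mdq_request_urls(base_url: str, entity_ids: list[str]) -> dict[str, tuple[str, str]]:
    """Map each entityID to both request forms for a given responder."""
    return {
        eid: (mdq_url_for_entity_id(base_url, eid), mdq_url_for_sha1(base_url, eid))
        for eid in entity_ids
    }


if __name__ == "__main__":
    for eid, (by_id, by_sha1) in mdq_request_urls(MDQ_BASE_URL, SAMPLE_ENTITY_IDS).items():
        print(eid)
        print("  ", by_id)
        print("  ", by_sha1)
```

Whichever form a pilot uses, the response must still be validated as a signed `EntityDescriptor` (or a signed aggregate containing it) before it is trusted; the URL encoding only determines how the entity is named on the wire.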

Discuss, explore, and recommend alternative approaches to metadata distribution.

  1. Elicit and capture requirements around metadata distribution
    1. short to mid-term requirements for metadata aggregation [Phase 1]
    2. longer term requirements for per-entity metadata [Phase 2]
  2. Devise a plan to transition the metadata signing algorithm to SHA-2 [Phase 1]
    1. this will be considered after SHA-2 testing of IdP endpoints is completed by TAC and Ops.
    2. the UK federation has blazed a welcome path for recommendation
  3. Determine the desirability, feasibility, and impact of changing the InCommon metadata distribution point [Phase 1]
    1. an outcome of the mid-term and long-term requirements discussion
  4. Analyze and document alternative approaches to metadata distribution, and recommend one or more methods of metadata distribution for InCommon for the foreseeable future [Phase 2]
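Planning the SHA-2 transition (item 2 above) starts with knowing which algorithms a signed aggregate actually declares: the `ds:SignatureMethod` and each `ds:DigestMethod` inside `ds:SignedInfo`. The check below is an added example for this page, not code from InCommon or the UK federation; the aggregate it inspects is a constructed minimal `EntitiesDescriptor` with placeholder signature and digest values, and the script reads the declared algorithm URIs only, it does not verify the signature (that needs an XML Signature library and the federation's signing certificate).

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Algorithm identifiers from XML Signature 1.0 and RFC 6931.
SHA1_ALGORITHMS = {
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1",
}
SHA2_ALGORITHMS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256",
}

# Constructed sample: a minimal SHA-1-signed aggregate. DigestValue and
# SignatureValue are placeholders; nothing here is a real federation signature.
SAMPLE_AGGREGATE_SHA1 = """<md:EntitiesDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    Name="urn:mace:example:metadata">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <ds:Reference URI="">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
          <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
  </ds:Signature>
  <md:EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth"/>
</md:EntitiesDescriptor>
"""

# The same constructed aggregate as it would look after the transition.
SAMPLE_AGGREGATE_SHA256 = (
    SAMPLE_AGGREGATE_SHA1
    .replace("http://www.w3.org/2000/09/xmldsig#rsa-sha1",
             "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256")
    .replace("http://www.w3.org/2000/09/xmldsig#sha1",
             "http://www.w3.org/2001/04/xmlenc#sha256")
)


def signature_algorithms(metadata_xml: str) -> dict:
    """Return the SignatureMethod and all DigestMethod URIs of the root signature."""
    root = ET.fromstring(metadata_xml)
    sig = root.find(f"{{{DS_NS}}}Signature")
    if sig is None:
        raise ValueError("metadata is not signed: no ds:Signature child on the root element")
    signed_info = sig.find(f"{{{DS_NS}}}SignedInfo")
    if signed_info is None:
        raise ValueError("malformed signature: ds:SignedInfo missing")
    sig_method = signed_info.find(f"{{{DS_NS}}}SignatureMethod")
    if sig_method is None:
        raise ValueError("malformed signature: ds:SignatureMethod missing")
    digests = [d.get("Algorithm") for d in signed_info.iter(f"{{{DS_NS}}}DigestMethod")]
    return {"signature_method": sig_method.get("Algorithm"), "digest_methods": digests}


def uses_sha1(metadata_xml: str) -> bool:
    """True if either the signature or any reference digest still relies on SHA-1."""
    algs = signature_algorithms(metadata_xml)
    return (algs["signature_method"] in SHA1_ALGORITHMS
            or any(d in SHA1_ALGORITHMS for d in algs["digest_methods"]))


def fully_sha2(metadata_xml: str) -> bool:
    """True only when the signature and every digest use a recognised SHA-2 URI."""
    algs = signature_algorithms(metadata_xml)
    return (algs["signature_method"] in SHA2_ALGORITHMS
            and all(d in SHA2_ALGORITHMS for d in algs["digest_methods"]))


if __name__ == "__main__":
    for label, doc in (("before", SAMPLE_AGGREGATE_SHA1), ("after", SAMPLE_AGGREGATE_SHA256)):
        print(label, signature_algorithms(doc), "SHA-1 in use:", uses_sha1(doc))
```

Run against a real aggregate, this tells you what the consumer side must already accept; the transition item above hinges on that, which is why the page defers the plan until SHA-2 testing of IdP endpoints is complete.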

Issues include:

  • new endpoints for signed XML metadata distribution [Phase 1]

  • new signing key [Phase 1]

  • MDX support [Phase 2]

  • per-entity metadata [Phase 2]

  • per-organization metadata [not addressed]

  • metadata aggregates based on self-asserted entity attributes [not addressed]

  • support for both XML and JSON formats (both signed) [not addressed]