Phase 2 Recommendations
- Conduct a pilot study that explores the uses of per-entity metadata
- The addressing of per-entity metadata shall conform to the Metadata Query Protocol
- Conduct a feasibility study of the uses of hardware security modules
- Participate in the samlbits.org project
Discuss, explore, and recommend alternative approaches to metadata distribution.
- Elicit and capture requirements around metadata distribution:
  - short- to mid-term requirements for metadata aggregation [Phase 1]
  - longer-term requirements for per-entity metadata [Phase 2]
Devise a plan to transition the metadata signing algorithm to SHA-2 [Phase 1]
- This will be considered after SHA-2 testing of IdP endpoints is completed by TAC and Ops.
- The UK federation has already blazed this trail, providing a welcome precedent for the recommendation.
Determine the desirability, feasibility, and impact of changing the InCommon metadata distribution point [Phase 1]
- An outcome of the mid-term and long-term requirements discussion
Analyze and document alternative approaches to metadata distribution, and recommend one or more methods of metadata distribution for InCommon for the foreseeable future [Phase 2]
Issues include:
- new endpoints for signed XML metadata distribution [Phase 1]
- new signing key [Phase 1]
- MDX support [Phase 2]
- per-entity metadata [Phase 2]
- per-organization metadata [not addressed]
- metadata aggregates based on self-asserted entity attributes [not addressed]
- support for both XML and JSON formats (both signed) [not addressed]