This is a very early DRAFT set of Phase 2 Recommendations.
Phase 2 Recommendations
The following Phase 2 deliverables were included in the Phase 1 Implementation Plan:
- Elicit and capture short to mid-term requirements for metadata aggregation
  - Multiple metadata aggregates will be implemented in conjunction with Phase 1
- Devise a plan to transition the metadata signing algorithm to SHA-2
  - SHA-2 is an important driver for Phase 1
  - The Phase 1 Implementation Plan stipulates that all SAML deployments shall consume metadata signed with a SHA-2 digest algorithm by June 30, 2014.
- Determine the desirability, feasibility, and impact of changing the InCommon metadata distribution point
  - A new vhost for XML metadata distribution will be introduced in Phase 1
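The SHA-2 transition above is only complete once the signature on the aggregate that deployments actually consume uses SHA-2 for both the SignatureMethod and the Reference DigestMethod. The following pre-flight check, added here as an example and not part of the Phase 1 or Phase 2 plans or of any InCommon tooling, reads the algorithm URIs from the enveloped signature on the root EntitiesDescriptor and reports whether the aggregate meets the Phase 1 requirement. The sample aggregates are constructed inline with placeholder digest and signature values; the check inspects algorithm identifiers only and does not verify the signature, which remains the job of the consuming SAML software.

```python
import xml.etree.ElementTree as ET

# XML Signature namespace and the algorithm URIs that count as "SHA-2".
DS = "http://www.w3.org/2000/09/xmldsig#"
SHA2_SIGNATURE_METHODS = {
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512",
}
SHA2_DIGEST_METHODS = {
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2001/04/xmldsig-more#sha384",
    "http://www.w3.org/2001/04/xmlenc#sha512",
}


def signature_algorithms(metadata_xml):
    """Return the SignatureMethod and DigestMethod URIs of the enveloped
    signature on the root element, or None if the root is unsigned.
    Only the root signature is inspected: a signature on a nested
    EntityDescriptor does not protect the aggregate as a whole."""
    root = ET.fromstring(metadata_xml)
    sig = root.find(f"{{{DS}}}Signature")
    if sig is None:
        return None
    method = sig.find(f"{{{DS}}}SignedInfo/{{{DS}}}SignatureMethod")
    digests = sig.findall(f"{{{DS}}}SignedInfo/{{{DS}}}Reference/{{{DS}}}DigestMethod")
    return {
        "signature": method.get("Algorithm") if method is not None else None,
        "digests": [d.get("Algorithm") for d in digests],
    }


def is_sha2_signed(metadata_xml):
    """True only when the signature method and every reference digest are
    SHA-2 based. A SHA-256 signature over a SHA-1 digest still fails."""
    algs = signature_algorithms(metadata_xml)
    if algs is None or not algs["digests"]:
        return False
    return (algs["signature"] in SHA2_SIGNATURE_METHODS
            and all(d in SHA2_DIGEST_METHODS for d in algs["digests"]))


def _constructed_aggregate(signature_method, digest_method):
    """Constructed sample: a minimal signed aggregate. DigestValue and
    SignatureValue are placeholders; this check never verifies them."""
    return f"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="{DS}" Name="urn:example:constructed-aggregate" ID="CONSTRUCTED_ID">
  <ds:Signature>
    <ds:SignedInfo>
      <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
      <ds:SignatureMethod Algorithm="{signature_method}"/>
      <ds:Reference URI="#CONSTRUCTED_ID">
        <ds:DigestMethod Algorithm="{digest_method}"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:SignedInfo>
    <ds:SignatureValue>AAAA</ds:SignatureValue>
  </ds:Signature>
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth"/>
</md:EntitiesDescriptor>"""


# Three constructed cases: the legacy SHA-1 signature, the target SHA-256
# signature, and a half-migrated signature (SHA-256 method, SHA-1 digest).
LEGACY_SHA1 = _constructed_aggregate(
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    "http://www.w3.org/2000/09/xmldsig#sha1")
SHA256 = _constructed_aggregate(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256")
MIXED = _constructed_aggregate(
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2000/09/xmldsig#sha1")

if __name__ == "__main__":
    for name, doc in [("legacy", LEGACY_SHA1), ("sha256", SHA256), ("mixed", MIXED)]:
        status = "SHA-2 OK" if is_sha2_signed(doc) else "NOT SHA-2"
        print(name, signature_algorithms(doc), status)
```

Running the same check against the production, preview, and fallback aggregates on each publication cycle gives a simple way to confirm that all three have actually switched before the June 30, 2014 cut-over, and to catch a half-migrated signer configuration that still references SHA-1 digests.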
The following Phase 2 deliverables are included in this Phase 2 plan:
- Conduct a pilot study that explores the utility of per-entity metadata
- Conduct a feasibility study of the potential needs and uses of hardware security modules
- Participate in the samlbits.org project
Some Phase 2 deliverables have so far not been discussed:
- per-organization metadata
- metadata aggregates based on self-asserted entity attributes
- support for both XML and JSON formats (both signed)
Per-Entity Metadata: A Pilot Study
Conduct a pilot study that explores the utility of per-entity metadata as an alternative to metadata aggregates.
- The method of addressing per-entity metadata shall conform to the Metadata Query Protocol
- If necessary, generate a new signing key for this pilot study
- Does it make sense to distribute per-entity metadata via samlbits.org?
Hardware Security Modules: A Feasibility Study
Conduct a feasibility study on the potential uses of Hardware Security Modules (HSMs) to secure XML signing keys and other high-value secrets.
- An HSM for the current metadata signing key
  - On-premise deployment
  - Impact: the current metadata production process, which produces three (3) signed SAML metadata aggregates (production, preview, fallback)
- An HSM for a new metadata signing key
  - On-premise or cloud deployment
  - Impact: a new post-process that consumes the InCommon production metadata aggregate and produces a set of signed, per-entity metadata
  - Impact: a new post-process that consumes the InCommon production metadata aggregate and an alternate source of metadata (such as the eduGAIN metadata aggregate) to produce a combined metadata aggregate
- An HSM for a new IdP signing key
  - On-premise or cloud deployment
  - Impact: the production Multifactor IdP Proxy, an instance of simpleSAMLphp
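Two items above depend on the same mechanics: the per-entity pilot requires that entities be addressed per the Metadata Query Protocol, and the new-signing-key HSM option assumes a post-process that turns the production aggregate into per-entity documents. The example below, added here and not code from the InCommon project or from either plan, shows both steps in one place: it splits a constructed aggregate into one document per EntityDescriptor, keys each document by the protocol's transformed identifier (`{sha1}` followed by the lowercase hex SHA-1 of the entityID), and builds the request URL a consumer would use, `<base>/entities/<percent-encoded identifier>`. The base URL, entityIDs, and validUntil value are constructed. Signing the per-entity documents with the HSM-held key is the step that follows this split and is not shown.

```python
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import quote

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD)  # keep the md: prefix in serialized output


def mdq_identifier(entity_id):
    """Transformed identifier from the Metadata Query Protocol:
    the literal '{sha1}' followed by the lowercase hex SHA-1 of the entityID.
    This lets a static file tree serve per-entity metadata without any
    filesystem escaping of the entityID itself."""
    return "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


def mdq_url(base_url, identifier):
    """Request URL for one entity. The identifier (raw entityID or the
    {sha1} form) is percent-encoded as a single path segment, so the
    braces become %7B / %7D and any '/' in the entityID becomes %2F."""
    return base_url.rstrip("/") + "/entities/" + quote(identifier, safe="")


def split_aggregate(aggregate_xml):
    """Post-process an aggregate into {identifier: per-entity XML}.
    The aggregate's validUntil is copied onto each EntityDescriptor that
    lacks its own, so no per-entity document outlives the aggregate that
    produced it. The aggregate's own ds:Signature is dropped by construction
    (only EntityDescriptor children are copied); each output still has to be
    signed separately before publication."""
    root = ET.fromstring(aggregate_xml)
    valid_until = root.get("validUntil")
    per_entity = {}
    for ed in root.findall(f"{{{MD}}}EntityDescriptor"):
        if valid_until and ed.get("validUntil") is None:
            ed.set("validUntil", valid_until)
        per_entity[mdq_identifier(ed.get("entityID"))] = ET.tostring(ed, encoding="unicode")
    return per_entity


# Constructed aggregate with one IdP and one SP; values are not real.
AGGREGATE = f"""<md:EntitiesDescriptor xmlns:md="{MD}"
    Name="urn:example:constructed-aggregate" validUntil="2014-07-07T00:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.edu/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Constructed base URL for a hypothetical per-entity distribution point.
BASE_URL = "https://mdq.example.org"

if __name__ == "__main__":
    for identifier, doc in split_aggregate(AGGREGATE).items():
        print(mdq_url(BASE_URL, identifier))
        print(doc)
        print()
```

The dictionary keys double as file names under `entities/` on a static vhost, which is the simplest way to serve per-entity metadata (samlbits.org or otherwise); a consumer that only knows the entityID requests the raw percent-encoded form, and the server maps it to the same `{sha1}` file.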