You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 8 Next »

This is a very early DRAFT set of Phase 2 Recommendations.

Phase 2 Recommendations

The following Phase 2 deliverables were included in the Phase 1 Implementation Plan:

  1. Elicit and capture short to mid-term requirements for metadata aggregation
  2. Devise a plan to transition the metadata signing algorithm to SHA-2
    • SHA-2 is an important driver for Phase 1
    • The Phase 1 Implementation Plan stipulates that all SAML deployments shall consume metadata signed with a SHA-2 digest algorithm by June 30, 2014.
  3. Determine the desirability, feasibility, and impact of changing the InCommon metadata distribution point
    • A new vhost for XML metadata distribution will be introduced in Phase 1

The following Phase 2 deliverables are included in this Phase 2 plan:

  1. Conduct a pilot study that explores the utility of per-entity metadata
  2. Conduct a feasibility study of the potential needs and uses of hardware security modules
  3. Participate in the samlbits.org project

Some Phase 2 deliverables have so far not been discussed:

  1. per-organization metadata
  2. metadata aggregates based on self-asserted entity attributes
  3. support for both XML and JSON formats (both signed)

Multiple Metadata Aggregates

  • Multiple metadata aggregates were introduced in Phase 1 to facilitate the migration to SHA-2:
    1. production metadata aggregate
    2. fallback metadata aggregate
    3. preview metadata aggregate
  • Initially, the production metadata aggregate will be signed using a SHA-2 digest algorithm while the fallback metadata aggregate will be signed using the SHA-1 digest algorithm. By the end of Phase 1, the two aggregates will be sync'd.
  • The preview metadata aggregate has no actual purpose in Phase 1. It was introduced early on merely for completeness.
  • The long-term intended uses of the metadata aggregates are documented in the wiki.
  • It is anticipated and in fact RECOMMENDED that the uses of these metadata aggregates will be expanded over time to facilitate a broad range of metadata deployment scenarios.

Per-Entity Metadata: A Pilot Study

Conduct a pilot study that explores the utility of per-entity metadata as an alternative to metadata aggregates.

  1. The method of addressing per-entity metadata shall conform to the Metadata Query Protocol
  2. If necessary, generate a new signing key for this pilot study
  3. Does it make sense to distribute per-entity metadata via samlbits.org?

Hardware Security Modules: A Feasibility Study

Conduct a feasibility study on the potential uses of Hardware Security Modules (HSMs) to secure XML signing keys and other high-value secrets.

  1. An HSM for the current metadata signing key
    1. On-premise deployment
    2. Impact: The current metadata production process that results in three (3) signed SAML metadata aggregates (production, preview, fallback)
  2. An HSM for a new metadata signing key
    1. On-premise or cloud deployment
    2. Impact: A new post-process that consumes the InCommon production metadata aggregate and produces a set of signed, per-entity metadata
    3. Impact: A new post-process that consumes the InCommon production metadata aggregate and an alternate source of metadata (such as the eduGAIN metadata aggregate) to produce a combined metadata aggregate
  3. An HSM for a new IdP signing key
    1. On-premise or cloud deployment
    2. Impact: The production Multifactor IdP Proxy, an instance of simpleSAMLphp
  • No labels