Metadata Signing Process
The InCommon metadata signing process involves the following components and actors:
- The metadata signing key
- A Key Authority Officer
- A Technical Authority Officer
The metadata signing key is the private key used to sign InCommon metadata. The public key corresponding to the private metadata signing key is bound to the metadata signing certificate. Together, this key pair forms the basis of the trust fabric of the InCommon Federation.
The metadata signing key is a secure offline key. It is stored in a safe in a secure facility with limited physical access. Access to the safe is further limited to a few individuals collectively referred to as the Key Authority.
A software process that signs and publishes metadata is run daily. This process runs on an offline laptop kept in the safe. Only a handful of individuals can initiate the software process. Collectively these individuals are known as the Technical Authority.
In the same way that a bank deposit box requires two distinct physical keys, the metadata signing process requires two human actors: a Key Authority Officer and a Technical Authority Officer. Only the Key Authority Officer can access the safe, while only the Technical Authority Officer can run the software process. Both are needed to complete the metadata signing process. Each limits the actions of the other.