Risks
- Security
  - Disclosure of private key
  - Clients not checking signatures
  - Intrusion into signing infrastructure
  - DoS attacks on distribution
- Availability
  - The distribution service for entities
    - As discussed in Agenda and Notes - 2016-08-03, it seems feasible that a cost-effective infrastructure can be deployed that can provide at least four nines availability and sufficient capacity for InCommon.
  - The aggregation/signing service
    - This is not a major concern, assuming a separate distribution layer in the architecture.
- Responsiveness / Capacity
  - Capacity is not sufficiently elastic
    - As discussed in Agenda and Notes - 2016-08-03, it seems feasible that a cost-effective infrastructure can be deployed that can provide at least four nines availability and sufficient capacity for InCommon.
  - (We should decide on acceptable response from the distribution service.)
- Cost
  - Cost of elastic capacity not budgeted
    - UK experience indicates that this should be low, a few hundred dollars per month.
  - Staff time and attention
Opportunities
- Window of opportunity to engage SAML infrastructure components/tools/libraries outside of the usual suspects (Shibboleth, SimpleSAMLphp) to support Federation (large 'F') using MDQ. See this email from Michael Domingues (Iowa) with a fuller explanation.