inc-ops-notifications - [InCommon NOTICE] MDQ service in Production: Alleviate your SAML software resource demands
Subject: InCommon Operations Notifications
List archive
[InCommon NOTICE] MDQ service in Production: Alleviate your SAML software resource demands
Chronological Thread
- From: Nick Roy <>
- To: "" <>, "" <>
- Subject: [InCommon NOTICE] MDQ service in Production: Alleviate your SAML software resource demands
- Date: Thu, 13 Feb 2020 20:46:49 +0000
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=internet2.edu; dmarc=pass action=none header.from=internet2.edu; dkim=pass header.d=internet2.edu; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=x94zP39P2Ym4cQ8gp6yW+Qy+KrCF0cXh82bAQsnPVz8=; b=Zvn69+AUzbVT3JVdE/F+ZofZULTxNSHDr3G3sV0rkX6P62SVLPZ/52FOc6wpKoSenhn8tpQB+2W3lAaE2TZNuIG7CK3zOL0VX/71x3ZNYzG19O3DpWgLKIqoLl0EFzETxpyME+GpO+OOciEv8kGNB8DeP0qDNoAuf9BH3CmkjMaoBUopsxqWNf2IypuFU5DJ+BiCL/jjJd5GFDRmMTwQCf2nDLGI2LBuph08EZICrEND0em9vKmKXmPbXKcARpHT9ZBbaW+j51tBmyrkrmJJlw76qDtgimvAdE5ACnfQFL1bP1ljxoCKrt6JGcsstKMZ7jJZmn4ei1A3yXYic1UPAw==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dSIoGfA0c1RdarSCiMW+KsJRLtzZXbaQu2FWfKBseisqff2K3/Y6lX1EemLVDUmzt5YMvyp7Ix+lphnGop31cpHbeAYsvbDa/ISDiw4juowfD0tduTT4Y28IwQBw2GtcY9L44bs4tMiI7egXn3n7rUJ4P+FhvdyinLzpy4wL8FemO4Pxws2CFSDXZpNLtiQEcZPiYYDv0OKRBACumDVR7mE2n8xJdSFFZk58x2LqSUvFa2jA4I8rQbMnnB+l1hGv56HpiSgfKqwwTUn+4d5wE001Xbk63fThhlRh6tfVrK4NU077mMnaBiTv7VCJoel0hJijM3OuOUzrvB27xgZH7Q==
Colleagues,
On January 30th, 2020, the InCommon Federation Technical Advisory Committee approved the production release of the new InCommon metadata distribution service, featuring per-entity metadata. InCommon strongly recommends you switch your SAML software to use the metadata query or “MDQ” features in our new metadata service.
The InCommon “main” metadata aggregate is now almost 70MB in size, and requires several gigabytes of memory to parse. This results in enormous memory footprints and lengthy start-up times for your SAML software. MDQ prevents your software from using these resources by allowing it to only fetch the metadata it needs, when it needs it. You can also read about the improvements we made with this service in a recent blog post by me.
Moving to MDQ will require you to update the configuration of your SAML software to point to a new metadata location and to verify the metadata using a new public key. The details of all of this are in our new metadata distribution service documentation, available in our wiki. Make sure you look at the documentation for Production rather than the Technical Preview (the latter is the new version of the old “preview” metadata aggregate service).
Over the next year, we will work with you to transition all InCommon federation SAML software to the new service; changing to the new service sooner rather than later is recommended.
Best Regards,
Nick Roy on behalf of InCommon Operations
- [InCommon NOTICE] MDQ service in Production: Alleviate your SAML software resource demands, Nick Roy, 02/13/2020
Archive powered by MHonArc 2.6.19.