md-distro - [md-distro] verifying what I heard on this week's call

Subject: Metadata Distribution Subcommittee of TAC

  • From: Tom Scavo <>
  • To:
  • Subject: [md-distro] verifying what I heard on this week's call
  • Date: Fri, 6 Sep 2013 17:06:44 -0400

On the call, I thought I heard Scott say that the current Shib SP
supports per-entity metadata whereas the IdP does not. Is that
correct?

If that's true, then it seems the immediate goal would be to provide
signed per-IdP metadata via md-query. That's good because 1) there are
*many* SPs in InCommon metadata, and 2) only a small percentage of
them need to be individually signed and packaged. For example, most of
the 272 CMU SPs do not need to be exposed as signed, per-SP metadata.
I suspect there are many such SPs in metadata. Maybe *most* of them.

We probably want to use entity attributes to denote the set of SP
entity descriptors that do (or do not) need to be signed and exposed
via md-query, but I'm not even sure where to begin...

At this point, I'm still pretty confused about the use of validUntil
and cacheDuration at the per-entity level. I'm not sure why we would
want to do anything different than we do now (i.e., validUntil only).
Won't HTTP Conditional GET tell the metadata client everything it
needs to know?

There may be an advantage to elevating HTTP Conditional GET to the
SAML layer. Wouldn't the MDRPI creationInstant XML attribute serve
that purpose?

Finally, I have no idea what discovery looks like in a world of
per-entity metadata. Anybody care to speculate about that?

Tom
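A worked illustration of the refresh questions raised above (validUntil versus cacheDuration, and HTTP Conditional GET at the per-entity level), added here as example code that is not part of Tom's message nor of any Shibboleth or md-query implementation; the MDQ base URL, the entity ID, the `/entities/` path layout and the XML document are constructed assumptions.

```python
# Added example (not from the thread): a metadata client's refresh logic that
# combines SAML validUntil / cacheDuration with an HTTP Conditional GET when
# fetching per-entity metadata from an MDQ server. All values are constructed,
# including the sample EntityDescriptor below.
import re
import urllib.parse
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MDRPI_NS = "urn:oasis:names:tc:SAML:metadata:rpi"
SAMPLE_XML = """<md:EntityDescriptor xmlns:md="%s" xmlns:mdrpi="%s"
    entityID="https://idp.example.org/idp" validUntil="2013-09-10T17:00:00Z"
    cacheDuration="PT6H">
  <md:Extensions>
    <mdrpi:PublicationInfo publisher="https://mdq.example.org/"
        creationInstant="2013-09-06T20:00:00Z"/>
  </md:Extensions>
</md:EntityDescriptor>""" % (MD_NS, MDRPI_NS)

def mdq_url(base, entity_id):
    # Assumed MDQ layout: base + "/entities/" + fully percent-encoded entityID.
    return base.rstrip("/") + "/entities/" + urllib.parse.quote(entity_id, safe="")

def parse_instant(s):
    # xs:dateTime values in metadata are UTC with a trailing 'Z'.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))

def parse_duration(d):
    # Minimal ISO 8601 duration parser for the PnDTnHnMnS forms used in metadata.
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", d)
    if not m:
        raise ValueError("unsupported duration: " + d)
    days, hours, mins, secs = (int(x or 0) for x in m.groups())
    return timedelta(days=days, hours=hours, minutes=mins, seconds=secs)

def refresh_plan(xml_text, fetched_at):
    # Returns (next_refresh, hard_expiry, creationInstant). Re-fetch after
    # cacheDuration if present, but never keep the copy past validUntil.
    root = ET.fromstring(xml_text)
    valid_until = parse_instant(root.get("validUntil"))
    next_refresh = valid_until
    if root.get("cacheDuration"):
        next_refresh = min(valid_until, parse_instant(fetched_at) + parse_duration(root.get("cacheDuration")))
    pub = root.find(f"{{{MD_NS}}}Extensions/{{{MDRPI_NS}}}PublicationInfo")
    return next_refresh, valid_until, pub.get("creationInstant") if pub is not None else None

def conditional_headers(prev_etag=None, prev_last_modified=None):
    # HTTP Conditional GET: resend the validators from the previous response so
    # the server can answer 304 Not Modified instead of the whole document.
    return {k: v for k, v in (("If-None-Match", prev_etag),
                              ("If-Modified-Since", prev_last_modified)) if v}
```

The creationInstant returned by refresh_plan is the SAML-layer counterpart of Last-Modified: a client that stores it can discard a freshly fetched document whose creationInstant is not newer than the copy it already holds.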


