md-distro - Re: [md-distro] verifying what I heard on this week's call
Subject: Metadata Distribution Subcommittee of TAC
List archive
- From: Tom Scavo <>
- To:
- Subject: Re: [md-distro] verifying what I heard on this week's call
- Date: Fri, 6 Sep 2013 18:59:56 -0400
On Fri, Sep 6, 2013 at 6:21 PM, Mark K. Miller
<>
wrote:
>
> On Fri, 6 Sep 2013, Tom Scavo wrote:
>
>> If that's true, then it seems the immediate goal would be to provide
>> signed per-IdP metadata via md-query. That's good because 1) there are
>> *many* SPs in InCommon metadata, and 2) only a small percentage of
>> them need to be individually signed and packaged. For example, most of
>> the 272 CMU SPs do not need to be exposed as signed, per-SP metadata.
>> I suspect there are many such SPs in metadata. Maybe *most* of them.
>
> Sure, *most* of them. Then, suddenly, that one faculty member across campus
> here needs to collaborate with that one thing at CMU, and I hope I don't
> need special permission from Gettes!
Well, that's because you know he'll ignore you when you ask ;-)
>> We probably want to use entity attributes to denote the set of SP
>> entity descriptors that do (or do not) need to be signed and exposed
>> via md-query, but I'm not even sure where to begin...
>
> Only the SP operators know where to begin.
I think that's right, which probably means SP operators need to be in
complete control of that entity attribute.
> So, clearly Gettes would provide
> some pretty reasonable guidance for the 272 CMU SPs to get this setup
> correctly. However, other than that, I fully expect most of the other SPs
> to want to be signed and exposed.
Hmm, I'm guessing just the opposite is true...but who knows!
>> Finally, I have no idea what discovery looks like in a world of
>> per-entity metadata. Anybody care to speculate about that?
>
> Sure, I will! It'll be a bigger mess than SP operators and IdP operators
> needing to directly agreeing on attributre release.
Certainly those are the two most "interesting" problems in federated
identity today.
Thanks,
Tom
- [md-distro] verifying what I heard on this week's call, Tom Scavo, 09/06/2013
- Re: [md-distro] verifying what I heard on this week's call, Mark K. Miller, 09/06/2013
- Re: [md-distro] verifying what I heard on this week's call, Tom Scavo, 09/06/2013
- Re: [md-distro] verifying what I heard on this week's call, Cantor, Scott, 09/06/2013
- Re: [md-distro] verifying what I heard on this week's call, Tom Scavo, 09/06/2013
- Re: [md-distro] verifying what I heard on this week's call, Cantor, Scott, 09/07/2013
- Re: [md-distro] verifying what I heard on this week's call, Mark K. Miller, 09/09/2013
- Re: [md-distro] verifying what I heard on this week's call, Tom Scavo, 09/06/2013
- Re: [md-distro] verifying what I heard on this week's call, Mark K. Miller, 09/06/2013
Archive powered by MHonArc 2.6.16.