InCommon metadata support

["Cantor, Scott" <>]

On 3/23/15, 6:21 PM, "Tom Scavo" 
<>
 wrote:



>I've always thought the optimal validUntil value should be around 4
>days but we're a long way from achieving that goal. On the Metadata
>Consumption wiki page [1], we recommend that clients attempt a refresh
>every hour (which is cacheDuration, right?).

Mostly, but the Shibboleth history with cacheDuration is pretty all over 
the map when it comes to the batch resolvers since we had our own settings 
for that.

>I doubt these values are optimal. (This is a beta server, which is why
>I haven't brought this up before now.) It's a fact that per-entity
>metadata doesn't change near as often as aggregate metadata. Should
>this fact be factored into the parameters somehow?

I guess the optimum would be for it to be somewhat up to the entity. Like 
when you're making certain changes, you might set the DNS TTL very low for 
a short time and then raise it back up.

>My gut tells me that validUntil should be large while cacheDuration
>should be small. Does this sound right?

Relative to each other certainly, but also, you don't really want 
validUntil to be any longer than the amount of time you want to allow for 
an outage.

-- Scott