
metadata-support - Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata

Subject: InCommon metadata support

  • From: "Cantor, Scott"
  • Subject: Re: [Metadata-Support] Re: [InC] Moving my IDP to new server with new Metadata
  • Date: Fri, 28 Aug 2015 13:55:17 +0000

On 8/28/15, 9:00 AM, Tom Scavo wrote:

>Hi Vince,
>
>On Fri, Aug 28, 2015 at 8:36 AM, Esquivel, Vince wrote:
>>
>> I am going to be moving my current IDP (on Shibboleth) to a new server
>> (third party appliance) and the entity ID will remain the same.
>
>Are you upgrading to Shibboleth IdP V3 [1] at the same time?

I would interpret "third party appliance" as meaning the implementation is
totally changing. That has massive implications since the endpoints would be
changing. That makes it likely a multi-month project with a lot of risk. Or a
big bang "fix what breaks" exercise. Depends on the attitude of the
organization to such things.

>> What will be changing is the metadata
>
>The general strategy is to change as little as possible. The fact that
>you are not changing the entityID is a Very Good Thing.

It is when you're not changing much else, or are just changing keys, but when
literally everything else changes, not changing the entityID means that you
have a lot of limitations around changing endpoints, since there can't be
more than one of a given binding in use at a time.

The big issue is that you're going to have to care and feed all of the many
SPs not running Shibboleth or SSP in a very deliberate way no matter what.
The key issue is whether they'll both be running for a while, and how/whether
SSO between them is handled.

-- Scott
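
The constraint discussed in this message, as an added example that is not part of the original thread or of any InCommon or Shibboleth tooling: a Python comparison of an IdP's old and new metadata that separates SingleSignOnService bindings whose Location changes (one per binding, so a cutover) from key changes. The entityID, hostnames, endpoint paths and certificate strings are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
B = "urn:oasis:names:tc:SAML:2.0:bindings:"

def summarize(xml_text):
    """Return (entityID, {binding: [locations]}, {certs}) for one IdP entity."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    sso = {}
    for ep in idp.findall("md:SingleSignOnService", NS):
        sso.setdefault(ep.get("Binding"), []).append(ep.get("Location"))
    certs = {"".join(c.text.split())
             for c in idp.iterfind(".//ds:X509Certificate", NS)}
    return root.get("entityID"), sso, certs

def migration_report(old_xml, new_xml):
    """Classify what changes between the old and new IdP metadata."""
    old_id, old_sso, old_certs = summarize(old_xml)
    new_id, new_sso, new_certs = summarize(new_xml)
    shared = old_sso.keys() & new_sso.keys()
    return {
        "entity_id_unchanged": old_id == new_id,
        # Same binding, different Location: only one can be in use at a
        # time under this entityID, so SPs see a cutover for each of these.
        "cutover": sorted(b.removeprefix(B) for b in shared
                          if old_sso[b] != new_sso[b]),
        # Bindings the new deployment no longer offers at all.
        "dropped": sorted(b.removeprefix(B) for b in old_sso.keys() - new_sso.keys()),
        "keys_added": len(new_certs - old_certs),
        "keys_retired": len(old_certs - new_certs),
    }

def build(endpoints, cert):
    """Construct minimal sample IdP metadata (constructed data, not real)."""
    eps = "".join(f'<md:SingleSignOnService Binding="{B}{b}" Location="{loc}"/>'
                  for b, loc in endpoints.items())
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" xmlns:ds="{NS["ds"]}" '
            f'entityID="https://idp.example.edu/idp/shibboleth"><md:IDPSSODescriptor>'
            f'<md:KeyDescriptor><ds:KeyInfo><ds:X509Data><ds:X509Certificate>{cert}'
            f'</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor>'
            f'{eps}</md:IDPSSODescriptor></md:EntityDescriptor>')

OLD = build({"HTTP-Redirect": "https://idp.example.edu/idp/profile/SAML2/Redirect/SSO",
             "HTTP-POST": "https://idp.example.edu/idp/profile/SAML2/POST/SSO",
             "SOAP": "https://idp.example.edu/idp/profile/SAML2/SOAP/ECP"}, "T0xEQ0VSVA==")
NEW = build({"HTTP-Redirect": "https://sso.example.edu/saml/sso",
             "HTTP-POST": "https://sso.example.edu/saml/sso"}, "TkVXQ0VSVA==")
```

Calling `migration_report(OLD, NEW)` on the two constructed documents lists the bindings that need a cutover plan and the bindings that SPs relying on them would lose.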



