metadata-support - [Metadata-Support] RE: significant slowdown in XML Signature validation
Subject: InCommon metadata support
List archive
- From: "Cantor, Scott" <>
- To: "" <>
- Subject: [Metadata-Support] RE: significant slowdown in XML Signature validation
- Date: Tue, 16 Feb 2016 20:05:00 +0000
- Accept-language: en-US
- Authentication-results: spf=pass (sender IP is 164.107.81.218) smtp.mailfrom=osu.edu; incommon.org; dkim=none (message not signed) header.d=none;incommon.org; dmarc=bestguesspass action=none header.from=osu.edu;
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:23
> With the new eduGAIN containing metadata, we’re seeing a significant
> slowdown in the time it takes shibd to start up, and this appears to be in
> the
> signature validation step.
My impression hasn't been that it's validation time, I've been ascribing it
to transit time or more likely just the raw DOM parsing time. I don't think
you can assume it's the signature unless you actually measured that under a
debugger.
> Of course, the slowdown means that the init.d scripts (on RedHat) now
> complain about failure unless you significantly boost the SHIBD_WAIT setting
> from its default of 30 seconds.
Yes, many people have had to do that in other deployments for a long time. On
newer systems, systemd more or less eliminates the need to set anything.
> Is there anything that anyone is aware of which can be done to improve the
> shibd loading time? Is this just going to be a fact of life for the future?
The obvious solution is per-entity metadata queries. Neither the parsing nor
the signature step is going to get better, not appreciably.
-- Scott
- [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/16/2016
- [Metadata-Support] RE: significant slowdown in XML Signature validation, Cantor, Scott, 02/16/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/16/2016
- RE: [Metadata-Support] significant slowdown in XML Signature validation, Cantor, Scott, 02/16/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Tom Scavo, 02/16/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Ian Young, 02/16/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/16/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/18/2016
- RE: [Metadata-Support] significant slowdown in XML Signature validation, Cantor, Scott, 02/18/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Tom Scavo, 02/18/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/19/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Cantor, Scott, 02/19/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/18/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Tom Scavo, 02/16/2016
- RE: [Metadata-Support] significant slowdown in XML Signature validation, Cantor, Scott, 02/16/2016
- Re: [Metadata-Support] significant slowdown in XML Signature validation, Jeffrey Eaton, 02/16/2016
- [Metadata-Support] RE: significant slowdown in XML Signature validation, Cantor, Scott, 02/16/2016
Archive powered by MHonArc 2.6.16.