Skip to Content.
Sympa Menu

metadata-support - RE: [Metadata-Support] significant slowdown in XML Signature validation

Subject: InCommon metadata support

List archive

RE: [Metadata-Support] significant slowdown in XML Signature validation

Chronological Thread 
  • From: "Cantor, Scott" <>
  • To: "" <>
  • Subject: RE: [Metadata-Support] significant slowdown in XML Signature validation
  • Date: Tue, 23 Feb 2016 15:31:00 +0000
  • Accept-language: en-US
  • Authentication-results: spf=pass (sender IP is;; dkim=none (message not signed) header.d=none;; dmarc=bestguesspass action=none;
  • Spamdiagnosticmetadata: NSPM
  • Spamdiagnosticoutput: 1:23

> Just to be clear, we're not asking you to remove any of your entities
> from InCommon metadata. Some orgs publish their enterprise SP metadata
> and some don't. It's completely up to you.

Perhaps, but I don't think it works well or provides a lot of value. I used
to point the non-federated systems on campus to InCommon and eventually I
realized that wasn't a great idea. For one thing, making changes on campus
(say, rolling out SLO endpoints in metadata or converting to SAML 2 from SAML
1) can be coordinated very differently than dealing with all your off-campus
SPs. Having separate metadata is fairly useful as a buffer between those
cases, to say nothing of the obvious performance advantages now.

MDQ fixes the latter but doesn't provide the insulation to make local changes
ahead of global ones.

-- Scott

Archive powered by MHonArc 2.6.16.

Top of Page