metadata-support - Re: [Metadata-Support] Re: MDQ status?
Subject: InCommon metadata support
List archive
- From: Tom Poage <>
- To: "" <>
- Subject: Re: [Metadata-Support] Re: MDQ status?
- Date: Fri, 20 Jul 2018 19:13:55 +0000
- Accept-language: en-US
- Authentication-results: spf=none (sender IP is ) ;
- Ironport-phdr: 9a23:Gv4x8BfNuzv9uDr9zejO8fg8lGMj4u6mDksu8pMizoh2WeGdxcW/ZR7h7PlgxGXEQZ/co6odzbaO7ea4ASQp2tWoiDg6aptCVhsI2409vjcLJ4q7M3D9N+PgdCcgHc5PBxdP9nC/NlVJSo6lPwWB6nK94iQPFRrhKAF7Ovr6GpLIj8Swyuu+54Dfbx9HiTahYL5+Ngm6oRnMvcQKnIVuLbo8xAHUqXVSYeRWwm1oJVOXnxni48q74YBu/SdNtf8/7sBMSar1cbg2QrxeFzQmLns65Nb3uhnZTAuA/WUTX2MLmRdVGQfF7RX6XpDssivms+d2xSeXMdHqQb0yRD+v6bpgRh31hycdLzM38H/ZhNFsjKxVoxyuqR1/zJLbb4yOLvVyYqbdcMkGSWdbXMtcUTFKDIOmb4sICuoMJfhWr474p1ATtxW+AhOjBOzxxTRVgXL2waM60/wmEQ7c0wwvAckDsGnIo9roLqgST+G1zLLSwTrdcvxWxC7w5Y7VeR4iufGBRa98fdbexEU1GA7IjE+cpIP4Mz+P1OkBrnCX4/RhWO6zl2Iqrhx9rzqzysswj4TGnYIYx17Y+Sh83Yo5O9m1RFJ+bNOgDJRfqSCXOo54Qsw+TGxnoyM3xaMYtZKleCUHzZcqyhzEZPCffYiH/BHuWPqULDp9inJpZLKyiAq3/ES+xeDxUse53VNXoidHjtXDqnUA2wLP5cebVPRw+Fqq1yyV2ADJ8O5EJFg5larFJJ4lxb49joIdvFjEECPqlkj6laGYeEIq9+Sx7OToeavpqoWbN49plgHxKaMumtG5AeslKAQOR3Kb+eOg1LL94UL5XLRKjvowkqXDt5DaONgbpqq+Aw9S0YYv8QqwDzCj0NgAnHkHKkxKeA6fgoT0J13DL+r0APi9jli2nzpn2urKM7/8DpnVK3jMirbhfbJz605GzwozyMhS545aCrEZJ/L8QEDxu8LDAx8kLwO73vzoCMt81oMFQ26AHLKWML7KvV+S+u0vO/WMZJMSuDvlKvgl4eLhjXg8mV8Yeqmp24EbaHeiHvRpOkmZZGTjgssbHmgXpAU+UPblhESZUT5Of3ayR6U85isnCI+9CYfDR5utgKCa3CulBJFWZ2ZGCkySHnfycYWLResMZDyILsB/jzMESOvpd4h0nxSjqAb2wqZua/HJ4jUfr47L1d5+4OjWkhd08iZ7RYzJ1myRRm19gmpNXCIuxKdlvWR8zFyE1K1/hbpfD9MFtN1TVQJvCZnZh9R9At//ElbdcM+OQVmrasitDTgvT8l3ztMTNRUuU+6+hwzOinL5S4QekKaGUcRuqPDVwmTxKsBhyn3PyKgmiRw8T9BSMXG92PQt7BDdUojOlUjR172nc6gRxmbszC+C1iLP2SMQSwtsSePAVHEbaFHRqIHl6FvFRrCjIaksPgJfyNXEJ6dXOZXk
- Spamdiagnosticmetadata: NSPM
- Spamdiagnosticoutput: 1:99
Any update on the production MDQ service? I'm starting to run across vendor implementations that want a URL to fetch metadata and, in many cases, can't/won't support the size of aggregates. Of course, offering these vendors our IdP metadata
endpoint is the last solution on the list to be offered. Speaking of vendors, it's difficult to know for sure if they've validated the signature on downloaded metadata (even when asked). Odd thought, what if instead of (or in addition to) metadata signature, metadata is encrypted by e.g. the
MDQ private key? Then vendors etc. would be forced to successfully decrypt what they download to make it useful (a form of validation). No, it doesn't give the truly lazy an out, like now, but seems a significant step toward ensuring that downstream consumers
have gone through some kind of check on what they've fetched. Thanks. Tom. From: <> on behalf of Nick Roy <> Hi Tom, We are working on productionalizing the MDQ service. Because of the need for high availability, combined with the need to handle signing keys in a very secure way, it is taking some time to do the planning. Best, Nick Nick Roy Director of Technology and Strategy, InCommon / Internet2 Trust and Identity Services From: <> on behalf of Tom Poage <> I have some SP operators noticing/complaining about the ever increasing amount of time to start the SP. I think they're using all the usual tricks of e.g. using the IdP-only aggregate, increasing timeouts and
the like. |
- Re: [Metadata-Support] Re: MDQ status?, Tom Poage, 07/20/2018
- Re: [Metadata-Support] Re: MDQ status?, Nick Roy, 07/20/2018
- Re: [Metadata-Support] Re: MDQ status?, Cantor, Scott, 07/20/2018
- Re: [Metadata-Support] Re: MDQ status?, Nick Roy, 07/20/2018
- Re: [Metadata-Support] Re: MDQ status?, Cantor, Scott, 07/22/2018
- Re: [Metadata-Support] Re: MDQ status?, Nick Roy, 07/20/2018
- Re: [Metadata-Support] Re: MDQ status?, Cantor, Scott, 07/20/2018
- Re: [Metadata-Support] Re: MDQ status?, Nick Roy, 07/20/2018
Archive powered by MHonArc 2.6.19.