Per-Entity Metadata Working Group

[Scott Koranda <>]

> On Wed, Jul 27, 2016 at 12:27 PM, Cantor, Scott 
> <>
>  wrote:
> >
> > I heard the points being made about the system now tolerating short 
> > outages
> 
> Well, no, let's be clear: the system we have now can tolerate very
> long outages, on the order of hours or days (not minutes). Our
> (current) infrastructure is based on that fact.
> 
> > but I don't think the best solution is going to be to make every client 
> > tolerate that.
> 
> That may be true, and I would like to discuss that more, if for no
> other reason than to manage expectations.
> 
> I've had multiple people (whom I respect) respond in exactly the same
> way: What's Plan B if the MDQ server fails? We (as deployers) want to
> load the aggregate up front, right?
> 
> I didn't correct them when they reacted like that because honestly I'm
> not sure what our goals are. That's why we're here, right?
> 
> > If we really, really don't think we can do this, then I think we need to 
> > shift more radically toward metadata at the endpoints. That's never been 
> > something I object to, though I do object to self-asserting it. But that 
> > was something that a lot of us spent time thinking about, and at the 
> > time, the conclusion was "that's just not practical for most deployers, 
> > they don't want to bother with it". Maybe that's changed, but I wouldn't 
> > say there's any actual evidence either way.
> 
> Well, that's the way the OIDC world is going, so I think it's worth
> having a discussion on that topic if nothing else.

I would like to defer that discussion and focus now more on
identifying different per-entity risks for different
stakeholders/actors and the possible mitigations.

Thanks,

Scott K