Per-Entity Metadata Working Group

["Cantor, Scott" <>]

On 7/27/16, 1:41 PM, 
"
 on behalf of Tom Scavo" 
<
 on behalf of 
>
 wrote:

> Well, no, let's be clear: the system we have now can tolerate very
> long outages, on the order of hours or days (not minutes). Our
> (current) infrastructure is based on that fact.

I don't think it's really been put to the test. Have we had outages of a 
length that would validate that assumption? I understand your point, just 
quibbling over the magnitude of the difference involved.

> I've had multiple people (whom I respect) respond in exactly the same
> way: What's Plan B if the MDQ server fails? We (as deployers) want to
> load the aggregate up front, right?

Though some of them may be asking that in the context of a pilot or in the 
early stages of this, and that's not as obviously a crazy answer. Obviously 
I'm doing it on shibboleth.net (though also for discovery of course).
  
> I didn't correct them when they reacted like that because honestly I'm
> not sure what our goals are. That's why we're here, right?

I really don't see how we can approach this any differently than DNS. And 
obviously the answer there is "you don't, there is no backup plan, it can't 
fail".

I'm seeing people talk about caching, but I don't think I buy that. Can you 
do it? Sure. Is that common? No, not really, not that I know of. Happy to be 
corrected on that.

I think if the answer is that you have to run your own MDQ infrastructure, 
we're in trouble.

> Well, that's the way the OIDC world is going, so I think it's worth
> having a discussion on that topic if nothing else.

I'll defer responding in light of Scott's preference, but I'll just say that 
I think that's overstated because of the differences in security and policy 
in that world.

-- Scott