Per-Entity Metadata Working Group

[Tom Scavo <>]

On Thu, Jul 28, 2016 at 12:02 PM, Cantor, Scott 
<>
 wrote:
>> If the goal is to get our arms around the larger group of clients
>> (Shibboleth, SSP, AD FS, Ping), then we also need to reconsider our
>> overall security model. TLS on the MDQ server can not be avoided if we
>> truly want to be all-encompassing.
>
> If you want to put TLS on it, that's fine. It won't affect my software.

Another way to look at it is: It won't affect deployers who are using
your software correctly. That's always been an Ops concern with TLS on
*any* InCommon metadata server.

> If you're suggesting that the trust anchor of all anchors be online in a 
> web server, that I definitely can't get behind.

I'm not suggesting anything in particular, except that we need to
discuss TLS on the MDQ server: https://spaces.internet2.edu/x/gAk7BQ

> If people want to trust that key, I'm not going to stop them, but there 
> needs to be a signature. You can't move this metadata around if there's not.

I haven't suggested otherwise and I haven't heard anyone else suggest
that either. What I'm trying to say is: other software (apart from
Shibboleth and SSP) can not verify an XML signature directly. A
3rd-party add-on tool is required for that (and if the past is any
indication, those 3rd-party tools won't get used). So if we're serious
about including other clients in our solution, then we have to address
the TLS issue.

Tom