
Subject: Per-Entity Metadata Working Group


Re: [Per-Entity] implementing a cache on the client


  • From: Nick Roy <>
  • To: David Walker <>
  • Cc: "Cantor, Scott" <>, "" <>
  • Subject: Re: [Per-Entity] implementing a cache on the client
  • Date: Thu, 4 Aug 2016 20:46:16 +0000

Tweaking a relying party config is an order of magnitude simpler than standing up a pre-packaged VM.  Most systems admins worth their salt won't allow a black box like that if it's critical infrastructure, and many wouldn't have the resources to make it highly available.  Absent that, it becomes a liability, not an asset in terms of high availability.

Nick

On Aug 4, 2016, at 2:30 PM, David Walker <> wrote:

Agreed that it's really just a couple of minutes.  My point was that any change is viewed as "significant" to many system administrators.  The thing going for us is that, ultimately, doing nothing is not an option.

David


On 08/04/2016 01:19 PM, Cantor, Scott wrote:
*	IdP and SP administrators will need to do something to take advantage of per-entity metadata distribution.  Even assuming we don't ask them (or their institutions) to run the distribution layer, they still have significant work to do.
I would not agree that a few config changes is significant work. Getting people to do it is a hassle, but that's not because it's hard; it takes a couple of minutes to do the change. If you're thinking in terms of some kind of large scale testing activity by every site, we can't go into this with that expectation.

The most significant work would be if we change the signing key, but that's work "in theory" since in practice people don't carefully validate trust anchors just because they should.

*	If we did ask them to run their part of the distribution layer, we could provide them with an instrumented VM container.
Still a non-starter IMHO. What you'd have to do is force us to build it into the software, essentially.

-- Scott
