
per-entity - List of supported software -- was -->Re: [Per-Entity] Latency figures for CDNs

Subject: Per-Entity Metadata Working Group

  • From: Chris Phillips <>
  • To: Per-Entity Metadata Working Group <>
  • Subject: List of supported software -- was -->Re: [Per-Entity] Latency figures for CDNs
  • Date: Tue, 6 Sep 2016 13:37:18 +0000
  • Accept-language: en-US

Thanks Scott.

I read the notes on the wiki and the google doc and couldn't find this
requirement anywhere.

If I were to fall back on something it would be the list of supported
software tools/platforms that a federation operator has.
This appears hard to come by, but I do see this:
https://spaces.internet2.edu/display/InCFederation/Software+Guidelines

And this:
https://spaces.internet2.edu/display/InCFederation/Using+Other+Software#UsingOtherSoftware-using-ad-fs

This is much like what CAF has for statements around software -- we
support the protocol not necessarily specific instances of software for
configurations.
It allows a demarcation to be made by the fedop, but in practice
sites/implementors want to know what to do with a given piece of software.

In this case with ADFS and this working group, I think it would be prudent
to link to InCommon's supported software (protocols) and if ADFS isn't
there, then THAT's a conversation to have as opposed to 'should MDQ use
TLS transport to convey trust'. It doesn't feel like this aspect is in
the right place.


I definitely want to see better ADFS integration for federations in
general though. It seems to be coming in MSFT Server2016TP3 (is that out
yet?) that can ingest an aggregate. That said, I have yet to see it in
action. What happens in practice for any ADFS install is a ton of
PowerShell bulk loading things and applying settings to do anything --
even with MDQ. If you don't do PowerShell, it's all by hand. (Full
disclosure - I run the adfstoolkit.org site mentioned in the I2 spaces
link BTW (with Leif ;). It hasn't been updated in a long time since not
much has transpired in a long time)

Maybe this topic appears in the risks section of the doc?

Thoughts welcome as always ..

C



On 2016-09-06, 9:05 AM, "Scott Koranda" <> wrote:

>Some InCommon Participant ADFS operators want to be able to
>consume metadata for a particular entity by pointing at a MDQ
>service that uses HTTPS as the transport and the trust
>mechanism rather than XML digital signature of the metadata.



