per-entity - Re: [Per-Entity] remaining BIG questions
Subject: Per-Entity Metadata Working Group
- From: Nick Roy <>
- To: <>
- Subject: Re: [Per-Entity] remaining BIG questions
- Date: Wed, 14 Sep 2016 10:41:03 -0600
Just my personal opinions, take with appropriate grain(s) of salt.
On 9/14/16 10:20 AM, Tom Scavo wrote:
> I still have a number of unanswered questions regarding the
> distribution of per-entity metadata:
>
> 1) Do we need preview-main-fallback servers or is a single production
> server adequate?

From what I understand about TIER's intentions and directions from Steve Zoppi (and I agree with them), the long-term intent is to create an entire test federation in the TIER QA environment that we could use to test out new stuff (including the interaction of TIER components with changes to metadata). This is one reason I'm working with Levvel.io right now to build out a Federation Manager CI pipeline in the TIER QA environment. The intent is to have a parallel InCommon metadata service (metadata curation, production, aggregation, signing, publication) in that environment long-term. Maybe that is what's needed?

> 2) Does the server need to support HTTP Conditional GET?

I don't see why - any change to a _signed_ entity descriptor would probably mean the entire signed entity descriptor needs to get completely re-retrieved.

> 3) What is the range of permissible validUntil dates on each entity
> descriptor? (we discussed this briefly on today's call)

Leave it at 14 days for now, address making the range smaller in the future as it becomes feasible.

> 4) Is there a cacheDuration on each entity descriptor, and if so, what
> is its value?

I think the answer to this depends on how frequently we intend to publish new signed metadata, so currently, maybe put it at 2 hours to ensure changes are picked up in a relatively timely fashion, but we aren't hammering the servers too hard.

> 5) What is our failover strategy?

Multiple CDNs with different hostnames, configured at each metadata client, with the requirement to implement some kind of client-based failover when deployer-controllable (and fed ops recommended) thresholds for latency and timeout are exceeded.

Nick

> I realize there's pressure to wrap up the WG but if anyone cares to
> address any of these questions, I'd be grateful.
>
> Tom
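
An added example, not part of the original message or of any InCommon software: how a metadata client could apply the 14-day validUntil ceiling and 2-hour cacheDuration suggested in the answers to questions 3 and 4. The sample descriptor, the function names and the PT2H default for a missing cacheDuration are assumptions; signature verification must happen before this step and is not shown.

```python
import re
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
MAX_VALIDITY = timedelta(days=14)  # ceiling on validUntil suggested in the thread

# Constructed sample descriptor (entityID and timestamps are made up).
SAMPLE = (
    '<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.org/idp" '
    'validUntil="2016-09-28T16:00:00Z" cacheDuration="PT2H"/>'
)

def parse_duration(text):
    """Parse the day/time subset of xs:duration (e.g. PT2H, P1DT30M)."""
    m = re.fullmatch(r"P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?", text)
    if not m or not any(m.groups()):
        raise ValueError(f"unsupported cacheDuration: {text!r}")
    d, h, mi, s = (int(g or 0) for g in m.groups())
    return timedelta(days=d, hours=h, minutes=mi, seconds=s)

def freshness(xml_text, now):
    """Return (expires, next_refresh); raise ValueError if unusable at `now`."""
    root = ET.fromstring(xml_text)  # assumes the signature was already verified
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("not an EntityDescriptor")
    valid_until = root.get("validUntil")
    if valid_until is None:
        # Without validUntil an old signed copy could be replayed forever.
        raise ValueError("validUntil missing")
    expires = datetime.strptime(valid_until, "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    if expires <= now:
        raise ValueError("metadata expired")
    if expires - now > MAX_VALIDITY:
        raise ValueError("validUntil further out than policy allows")
    # Assumption: fall back to the 2 hours suggested above when absent.
    cache = parse_duration(root.get("cacheDuration", "PT2H"))
    # Never hold a cached copy past its expiry, whatever cacheDuration says.
    return expires, min(now + cache, expires)
```
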