
Subject: Per-Entity Metadata Working Group


Re: [Per-Entity] A little MDQ mvp in AWS


  • From: Christopher Hubing <>
  • To: Per-Entity Metadata Working Group <>
  • Subject: Re: [Per-Entity] A little MDQ mvp in AWS
  • Date: Thu, 13 Oct 2016 16:51:52 +0000



On Thu, 13 Oct 2016, Tom Scavo wrote:

> On Thu, Oct 13, 2016 at 12:02 PM, Christopher Hubing <> wrote:
>
>> First off, I grabbed the InCommon metadata and dumped it into a DynamoDB
>> table (with Java). I used API Gateway with CloudFront wrapped around it for
>> CDN. The API Gateway talks to a Lambda function (nodejs atm) to retrieve the
>> MD and return it to the client.
>
> Cool.
>
>> So, for example, you could hit one of the URLs below and be returned
>> metadata for that entityid (or insert one of your own entityIDs). It
>> currently uses a self-signed cert, so ignore any SSL warnings.
>
> How does the CDN manage the TLS key?

It's user managed; you configure it from the AWS Console or command line for each custom domain you wish to serve.

>> https://mdqtest.testbed.tier.internet2.edu/entities/urn:mace:incommon:uiowa.edu
>> https://mdqtest.testbed.tier.internet2.edu/entities/urn:mace:incommon:psu.edu
>> https://mdqtest.testbed.tier.internet2.edu/entities/urn:mace:incommon:osu.edu
>> https://mdqtest.testbed.tier.internet2.edu/entities/https://uwdcc.org/shibboleth
>
> Does your MDQ server support the SHA-1 hash version as well?

It doesn't, but that wouldn't require much of a change to support. I'm looking through https://tools.ietf.org/html/draft-young-md-query-05 and am not seeing the format of the request to get the SHA-1 hash. Do you have a pointer?

>> I wanted to demonstrate that it is possible to create a massively scalable app
>> in a short period of time with little infrastructure to manage. The metadata
>> isn't signed, but that could be done rather easily I would think.
>
> The signing will be done (daily) on current infrastructure and the
> signed entity descriptors will be pushed to the MDQ server. How does
> your deployment change in that scenario?

Changing from a pull to a push would require some code to run on the server that would push these signed entity descriptors out. Right now, this just grabs the aggregate from http://md.incommon.org/InCommon/InCommon-metadata.xml and pushes it into DynamoDB.

> Thanks,
>
> Tom




Archive powered by MHonArc 2.6.19.
