Per-Entity Metadata Working Group

[Tom Scavo <>]

Hi Rhys,

On Wed, Oct 26, 2016 at 5:04 PM, Rhys Smith 
<>
 wrote:
>
> Just a quick update. UKf now has an almost production ready MDQ server at 
> http://mdq.ukfederation.org.uk/

Woohoo!

> Oh, and when I say production ready, what I mean is that this is now all 
> integrated into our production workflows. So every time we update our 
> production aggregates, the MDQ output will be updated accordingly.

I assume you mean per-entity metadata is automatically produced and
deployed whenever a new aggregate is produced and deployed, correct?
How often is that?

> (“Almost” because it’s currently using the existing key that we sign the 
> aggregates with to do the per-entity signing, but I’m going to change it to 
> use a newly generated key on our HSM for MDQ stuff).

That makes complete sense. I wish InCommon were able to introduce a
new key in conjunction with per-entity metadata. Not doing so will
cost us in the long term.

> This is using the new per-entity generation in the MDA that Ian recently 
> added.

Do you mean Shibboleth MDA 0.9.2?

> Once I’ve changed it to use the new keys, we’ll be starting to pilot it on 
> the UKf with some select customers, and our own pilot managed services.

Will you focus on Shibboleth IdP V3? In any case, I'd be very
interested to know the software configurations used by client software
in the pilot.

Thanks for the update,

Tom