...
eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta]. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed). Metadata signing is also peformed on mfs-feed currently with a key file located on the host istself.
In order to minimise risks of exposing high permissions account on the mdsh host the resulting aggreagate file is transferred to the mds host using a dedicated low premissions account. The aggregate is then moved to the finel place on the mds host in a process innitiated within the mds host.
...