
Participants

Proposers

Name            Organisation
Mihály Héder    SZTAKI/KIFÜ
Niels van Dijk  SURF

GN4-3 project team

Name     Organisation   Role
Martin   SURF           Team member
Mihály   SZTAKI/KIFÜ    Team member
Halil    GRNET          Team member
Andrej                  Team member


Stakeholders

Name             Organisation   Role
Davide Vaghetti  GARR           Task lead of eduGAIN service team
Leif Johansson   SUNET          HSM operator
Halil Adem       GRNET          federation operator

Activity overview

Description

With the growth of metadata feeds all over the world, together with the increased need to cater for multiple federations at once, Service Providers increasingly rely on the MetaData Query (MDQ) protocol for Relying Party metadata lookup.
(MDQ is also commonly referred to as MDX (MetaData eXchange) for historical reasons: it is the name of the mailing list where the spec was discussed.)

For MDQ there is only one implementation in common use: pyFF. The MDQ protocol is quite simple however, 

Activity goals

The aim is to deliver EntityDescriptors as flat files in such a way that this mimics the MDQ protocol, and to combine that with global DNS to create a very fast and highly redundant distribution mechanism for MDQ.

Activity Details

Technical details

Potential features of such an alternative MDX solution are:

  • Federations must remain in control of metadata signing
  • Solution must not depend on how federations sign metadata
  • Solution must respect SAML metadata ‘business rules’ with regard to TTL
  • Effort for participation in distribution network should be minimal
  • Solution should be highly available
  • Solution should support almost real-time updates
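As an added example (not code from this activity or from pyFF), the Python below turns a constructed SAML aggregate into the per-entity flat files that an MDQ client would fetch under /entities/: one copy named by the percent-encoded entityID and one by the "{sha1}" transform of it, with the aggregate's validUntil/cacheDuration carried down so the TTL rules still apply. The sample metadata and output directory are constructed; signing of the per-entity files is left to the federation, and how a web server maps a decoded request path back to the percent-encoded file name is a deployment detail not covered here.

```python
import hashlib
import os
import urllib.parse
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ET.register_namespace("md", MD_NS)

# Constructed sample aggregate (not real federation metadata): one IdP and one SP,
# with the TTL attributes set on the EntitiesDescriptor as aggregates commonly do.
SAMPLE_AGGREGATE = f"""<md:EntitiesDescriptor xmlns:md="{MD_NS}"
    validUntil="2017-01-08T00:00:00Z" cacheDuration="PT6H">
  <md:EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">
    <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.net/saml?ver=2">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


def mdq_identifiers(entity_id):
    """The two names an MDQ client may request an entity under (/entities/<id>):
    the percent-encoded entityID and '{sha1}' + lowercase hex SHA-1 of the entityID."""
    encoded = urllib.parse.quote(entity_id, safe="")
    sha1 = "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()
    return encoded, sha1


def split_aggregate(aggregate_xml):
    """Map each MDQ identifier to a serialised single-EntityDescriptor document.
    An entity without its own validUntil/cacheDuration inherits the aggregate's,
    so the SAML metadata TTL rules survive the split. No signing is done here."""
    root = ET.fromstring(aggregate_xml)
    files = {}
    for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor"):
        for attr in ("validUntil", "cacheDuration"):
            if ed.get(attr) is None and root.get(attr) is not None:
                ed.set(attr, root.get(attr))
        body = ET.tostring(ed, encoding="utf-8", xml_declaration=True)
        for ident in mdq_identifiers(ed.get("entityID")):
            files[ident] = body  # identical bytes reachable under both names
    return files


def write_tree(files, out_dir):
    """Write the flat files under <out_dir>/entities/ for a static web server."""
    os.makedirs(os.path.join(out_dir, "entities"), exist_ok=True)
    for ident, body in files.items():
        with open(os.path.join(out_dir, "entities", ident), "wb") as fh:
            fh.write(body)
```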

Business case

Better uptimes for metadata availability and thus better uptimes for federated identity management services.

Risks

Complexity caused by the conflicting characteristics of centralizing a decentralized service.


Data protection & Privacy

There is no personal data involved, apart from the technical and security contacts in metadata, which are distributed in the current system in a comparable manner.


Definition of Done (DoD)
  • An alternative MDX solution is designed and a PoC is implemented
  • Architecture overview with MVP
  • Geographically distributed MDQ (geoDNS)
  • A test suite and trial site is created/deployed
  • An infrastructure deployment is tested with some federation operators
  • Documentation for installation and configuration is provided


Sustainability
  • The design, source code and documentation will be made available to the community
  • A hosted, distributed MDX solution could be provided to support federations that do not run an MDQ service of their own

Activity Results

Results
This activity is still ongoing

Meetings

Date             Activity         Owner   Minutes
January 1, 2017  Kickoff meeting