managing untrusted metadata

Tom Scavo trscavo at gmail.com
Fri Apr 27 13:03:38 EDT 2018


On Thu, Apr 26, 2018 at 7:47 PM, Cantor, Scott <cantor.2 at osu.edu> wrote:
>
> I handle all the one-offs manually right now. I would prefer to break them up into individual files, and probably will use LocalDynamic for that.

In your view, what will become of FilesystemMetadataProvider now that
we have LocalDynamicMetadataProvider? Are there any use cases for the
former?

> Then there's the Unicon work on a GUI that also handles one-offs well and ends up producing a directory usable with that plugin.

If you have a link to the Unicon stuff (or someone from Unicon is
listening in), please add to this thread.

>> To all: If you're using LocalDynamicMetadataProvider today, please weigh in
>> with your experiences.
>
> Just started, I scripted all of it and used rsync to push it around, it's fine.

Is this running on the IdP server or elsewhere?

> I have some issues with the code I've already filed bugs on, but for most purposes it's fine if the metadata is relatively static. It needs control over refresh based on the files changing like the SP supports.

Do you have a relevant pointer (or pointers) into jira?

>> This comment is similar to the previous one but since InCommon is
>> mentioned, let me ask: How do folks manage specific entities in federation
>> metadata (InCommon or otherwise) that happen to be untrusted? As you
>> know, just because an entity is registered by a federation does not
>> guarantee the metadata can be trusted. Please share your experiences here.
>
> You're using a different definition of "trust", I treat all the federation metadata as trusted and know that I got it from a reliable source and it hasn't been tampered with. That's all.

Oh, okay, I thought you were handling some entities in federation
metadata specially due to a perceived high probability of failure at some
point down the road.

Tom

