Tom Scavo trscavo at gmail.com
Thu Feb 15 10:25:23 EST 2018

Hi Helen,

On Wed, Feb 14, 2018 at 3:14 PM, Helen Feder <hrf at andrew.cmu.edu> wrote:
> Anyone using a local metadata management tool that they can recommend?  Or
> have a tool or set of tools that they would be willing to share?

I have a set of command-line tools but I doubt that's what you need.

Peter suggested Jagger, which is probably worth a look. AFAIK, Jagger
is used by federation operators, which probably means it's not a good
fit for you. OTOH, it is relatively well supported.

Scott mentioned the software developed at Duke, which has been
publicly demoed at various times. You might want to contact the folks
at Duke about that.

I suspect you could easily find a handful of campuses with
more-or-less the same need as yours. Why not band together, kick in
some seed money, and induce Duke to open source its excellent
software? It may turn out that money is not the problem but it's worth
a try.

> We would like a tool that has an API that can be called from scripts that
> are building our VMs.

You should definitely follow up on Peter's observation about
UKfederation, but in the end, the above requirement will probably
force you to build (not buy).

> Also would be nice if it had a webapp for use by our central group to
> enter relevant bits of metadata that the tool then validates and saves and
> then publishes out to our IdPs.

I'll note in passing that InCommon already does this for you. In fact,
I see that CMU currently has 512 SPs in InCommon metadata. [1]

> Eventually would like to have a
> self-service webapp where local sysadmins can upload their metadata and then
> our central group approves it and then it gets published out to our IdPs
> automatically.

Yes, that's a reasonable requirement. I wrote a specification for
something similar about a year ago, when I was still working for
InCommon. You might want to ask them about it.

Instead of provisioning metadata during VM creation, you should
consider your options. Have you looked at OpenID Connect Dynamic
Client Registration? [2] I don't know if the
shibboleth-idp-oidc-extension [3] supports client registration but
that may be something to look at.
[1] https://incommon.org/federation/info/org.html?orgName=Carnegie%20Mellon%20University
[2] https://openid.net/specs/openid-connect-registration-1_0.html
[3] https://github.com/CSCfi/shibboleth-idp-oidc-extension

