Local Metadata Management Tools

Jim Fox fox at washington.edu
Thu Feb 15 12:21:03 EST 2018 

At UW we use an integrated system of GUI, database and IdP processes to 
allow SP owners to edit their own metadata.  The components are:

1) A DNS ownership database, provided by our local DNS system. This is supplemented with group membership (for gmail ids).
2) A database that maintains SP metadata and attribute requests and grants.
3) A GUI that maintains the data in (2).
4) Cron procedures on each IdP host that monitor the database and update local metadata and filters as needed.

The only manual intervention is the granting of attribute requests.


If you have a gmail account you can take a look.  We won't know you so you won't be able to edit anything.

   https://iam-tools.u.washington.edu/spreg/

Use the "Gmail" login.  The InCommon one will likely not work for you.

Jim



On Thu, 15 Feb 2018, Cantor, Scott wrote:

> Date: Wed, 14 Feb 2018 16:58:34
> From: "Cantor, Scott" <cantor.2 at osu.edu>
> To: Shib Users <users at shibboleth.net>
> Reply-To: Shib Users <users at shibboleth.net>
> Subject: Re: Local Metadata Management Tools
> 
> I'll add...
>
> Duke was talking about opening up their tool again I think on a recent IAM Online, but I wasn't there so that's third hand.
>
> Unicon's GUI for TIER looked very promising to me, though it's not initially built to be a distributed tool, it's for IdP Admins to manage one-off integrations themselves, but it does have some initial metadata management and upload capabilities.
>
> A key piece of any strategy going forward is [1], which is a great way to produce pre-cooked metadata from any tool and drop it into the IdP in a simple way that allows for real time refresh but also prevents one bad apple from breaking anything else. It's going to be the 3.4 shipped default and will basically be *the* local solution going forward, just as MDQ is the remote solution for bulk federation of SPs you don't own.
>
> -- Scott
>
> [1] https://wiki.shibboleth.net/confluence/display/IDP30/LocalDynamicMetadataProvider
>
> -- 
> For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
>

More information about the users mailing list