InCommon metadata aggregate exceeds 50MB

Chris Phillips Chris.Phillips at
Thu Mar 29 11:53:33 EDT 2018

Paul -- great work!  
+1 to the other comments in the thread about republishing and the fact it probably happens.

My perception of how campus' operate is that some do metadata distribution and may not sign the 'internal' set of metadata. I'm not sure it's fully realized the possible risk or potential for undetected metadata manipulation being borne in this model and why signing the metadata aggregate or MDQ element matters to mitigate such a risk.  Maybe my concern is misplaced? 

Having a component like this makes it a LOT easier to do the right thing..


On 2018-03-19, 4:18 PM, "users on behalf of Paul Caskey" <users-bounces at on behalf of pcaskey at> wrote:

    I'm responding to a very old thread, I know...
    It took me a bit to get it into a public repo, but if any of you want to try out an MDQ server with InCommon global metadata, it's as easy as: "docker run -d -p 443:443 tier/mdq-appliance"    :)
    It's an centos-based apache server that serves up InCommon metadata processed with the Metadata Aggregator and signed with a key generated when you first run the container.
    Source files are here:
    Comments are welcome/desired.
    > -----Original Message-----
    > From: users [mailto:users-bounces at] On Behalf Of Cantor,
    > Scott
    > Sent: Monday, February 12, 2018 3:43 PM
    > To: Shib Users <users at>
    > Subject: RE: InCommon metadata aggregate exceeds 50MB
    > > There's not much choice, is there?  Will dynamic metadata be available
    > > soon?
    > Ditto. Starting to look as though I'll have to spend a day or two standing
    > something up for myself, it's probably inevitable for redundancy anyway at
    > the end of the day.
    > -- Scott
    > --
    > For Consortium Member technical support, see
    > To unsubscribe from this list send an email to users-
    > unsubscribe at
    For Consortium Member technical support, see
    To unsubscribe from this list send an email to users-unsubscribe at

More information about the users mailing list