InCommon metadata aggregate exceeds 50MB

Chris Phillips Chris.Phillips at canarie.ca
Thu Mar 29 11:53:33 EDT 2018 

Paul -- great work!  
+1 to the other comments in the thread about republishing and the fact it probably happens.

My perception of how campus' operate is that some do metadata distribution and may not sign the 'internal' set of metadata. I'm not sure it's fully realized the possible risk or potential for undetected metadata manipulation being borne in this model and why signing the metadata aggregate or MDQ element matters to mitigate such a risk.  Maybe my concern is misplaced? 

Having a component like this makes it a LOT easier to do the right thing..

Chris.


On 2018-03-19, 4:18 PM, "users on behalf of Paul Caskey" <users-bounces at shibboleth.net on behalf of pcaskey at internet2.edu> wrote:

    I'm responding to a very old thread, I know...
    
    It took me a bit to get it into a public repo, but if any of you want to try out an MDQ server with InCommon global metadata, it's as easy as: "docker run -d -p 443:443 tier/mdq-appliance"    :)
    
    It's an centos-based apache server that serves up InCommon metadata processed with the Metadata Aggregator and signed with a key generated when you first run the container.
    
    Source files are here:
    https://github.internet2.edu/i2/mdq-appliance
    
    Comments are welcome/desired.
    
    
    > -----Original Message-----
    > From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Cantor,
    > Scott
    > Sent: Monday, February 12, 2018 3:43 PM
    > To: Shib Users <users at shibboleth.net>
    > Subject: RE: InCommon metadata aggregate exceeds 50MB
    > 
    > > There's not much choice, is there?  Will dynamic metadata be available
    > > soon?
    > 
    > Ditto. Starting to look as though I'll have to spend a day or two standing
    > something up for myself, it's probably inevitable for redundancy anyway at
    > the end of the day.
    > 
    > -- Scott
    > 
    > --
    > For Consortium Member technical support, see
    > https://wiki.shibboleth.net/confluence/x/coFAAg
    > To unsubscribe from this list send an email to users-
    > unsubscribe at shibboleth.net
    -- 
    For Consortium Member technical support, see https://wiki.shibboleth.net/confluence/x/coFAAg
    To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net

More information about the users mailing list