InCommon metadata aggregate exceeds 50MB
cantor.2 at osu.edu
Thu Mar 29 12:08:10 EDT 2018
> My perception of how campus' operate is that some do metadata
> distribution and may not sign the 'internal' set of metadata. I'm not sure it's
> fully realized the possible risk or potential for undetected metadata
> manipulation being borne in this model and why signing the metadata
> aggregate or MDQ element matters to mitigate such a risk. Maybe my
> concern is misplaced?
Metadata I manage locally is sitting on my IdP disk, there's no need to sign it.
If I pulled it in from outside, I'd verify the aggregate, and then chop it up and it would become local, so again, not much need.
This is for SP metadata of course. I haven't considered doing anything for the IdP side at this point, having only one federated SP and that one needs discovery.
More information about the users