shibboleth-dev - Re: [Shib-Dev] configuring a metadata file or directory
Subject: Shibboleth Developers
List archive
- From: Paul Hethmon <>
- To: <>
- Subject: Re: [Shib-Dev] configuring a metadata file or directory
- Date: Wed, 25 Feb 2009 11:03:27 -0500
On 2/25/09 10:53 AM, "Scott Cantor" <> wrote:
Christopher A Bongaarts wrote on 2009-02-25:
So you see it that Shib IdP normally pulls the needed SP metadata from the SP (and/or other network available source)?
> In the immortal words of Tom Scavo:
>> AFAIK Shibboleth has always required metadata to be configured on a
>> per-file basis. It would be more convenient (and less error prone)
>> for deployers if there were a configurable metadata directory. Then
>> all you have to do is drop a metadata file into the directory and go.
That doesn't really make much sense to me in light of the fact that metadata
is almost always pulled from a remote location. We don't see any non-toy use
cases in which people would be explicitly pointing at files anymore, other
than intra-campus cases where you're managing SP metadata on the IdP host,
and that's basically one file.
Given my experience so far, my SP operators don’t really have the experience to manage their own metadata normally (not that I have a lot more). My thought has been to migrate more towards some sort of metadata management system. Something that is probably driven by a web application, ties into a DB for storage, and possibly ties into an SCM for actual publication of the data to provide versioning. I’ve been bitten more than once by simple typos, especially in entityIDs for some reason. I would envision something along the lines of some of the web-based SP configuration generators, just to remove hand editing of configuration and metadata files. I guess actually I’m thinking more of the Shib configuration files (both IdP and SP) rather than the actual metadata.
Paul
-----
Paul Hethmon
Chief Software Architect
Clareity Security, LLC
865.824.1350 - office
865.250.3517 - mobile
www.clareitysecurity.com
-----
Give a man a fire and he's warm for the day. But set fire to him and he's warm for the rest of his life.
-- Terry Pratchett, Discworld
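The entityID typos mentioned in the message above can be caught before metadata is published. The following is an added example, not part of the original post and not Shibboleth code: a Python lint over hand-edited SAML metadata files, where the function names, the sample documents and the choice of checks are all assumptions made for illustration.

```python
import pathlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
NS = 'xmlns="urn:oasis:names:tc:SAML:2.0:metadata"'
# Constructed sample documents (file name -> XML); not taken from the thread.
SAMPLE = {
    "sp-a.xml": f'<EntityDescriptor {NS} entityID="https://sp-a.example.org/shibboleth"/>',
    "sp-b.xml": f'<EntityDescriptor {NS} entityID="https://sp-a.example.org/Shibboleth"/>',
    "sp-c.xml": f'<EntityDescriptor {NS} entityID="https//sp-c.example.org/shibboleth"/>',
    "sp-d.xml": f'<EntityDescriptor {NS} entityID="https://sp-d.example.org/shibboleth "/>',
}

def load_dir(path):
    """Read every *.xml file in a locally managed metadata directory."""
    return {p.name: p.read_bytes() for p in pathlib.Path(path).glob("*.xml")}

def entity_ids(xml_doc):
    """entityID of each EntityDescriptor; the root may be one or a wrapper."""
    return [e.get("entityID", "") for e in ET.fromstring(xml_doc).iter(MD + "EntityDescriptor")]

def normalise(eid):
    """Fold case, padding and a trailing slash: the usual typo differences."""
    return eid.strip().lower().rstrip("/")

def lint(docs):
    """Return (file, entityID, problem) tuples for suspicious entityIDs."""
    findings, seen = [], {}
    for name in sorted(docs):
        for eid in entity_ids(docs[name]):
            if eid != eid.strip() or " " in eid:
                findings.append((name, eid, "whitespace in entityID"))
            parts = urlsplit(eid.strip())
            if not parts.scheme:
                findings.append((name, eid, "no URI scheme"))
            elif parts.scheme in ("http", "https") and not parts.hostname:
                findings.append((name, eid, "URL has no host"))
            key = normalise(eid)
            if key in seen:  # same ID after folding: exact or near duplicate
                where, prev = seen[key]
                kind = "duplicate" if prev == eid else "near-duplicate"
                findings.append((name, eid, f"{kind} of {prev!r} in {where}"))
            seen.setdefault(key, (name, eid))
    return findings

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=" | ")
```

To check real files, pass `load_dir("/path/to/metadata")` to `lint` instead of `SAMPLE`; the parser is the standard library's and is meant for operator-managed local files, not untrusted input.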