Shibboleth Developers

[Lukas Hämmerle <>]

>> Concerning polling the OnDemand MetadataProvider would have the
>> advantage to only poll if it's necessary, which would reduce HTTP HEAD
>> requests compared to a high frequency MetadataProvider.
> When I look at the content of the VO entities that are currently in the
> metadata, I'm not sure whether your approach would entirely solve your 
> problem.
> 
> New entities - i.e. a new entity of a VO, would propagate as needed.
> However, changes of an entity already existing in metadata could not be
> handled in a timely fashion with the "on demand" approach.

True, VO changes in an AffiliationDescriptor would not be solved
completely. The critical changes are:
a. VO Deletion
b. Addition of VO services
c. Removal of VO services

I don't consider a. and c. much of a problem. But b. is indeed more
problematic because users might see an error message when accessing a
recently added service too early...

My assumption is that a VO admin will initially pick all the services a
VO requires when before the VO actually is created. This then would not
cause any problems with the OnDemant Metadata provider. But nevertheless
the case where a VO Admin then later on adds more services is also
likely and this case will cause problems.

So, a short polling interval with a short cacheDuration might indeed
cause less problems.

Lukas

-- 
SWITCH
Serving Swiss Universities
--------------------------
Lukas Hämmerle, Software Engineer, Net Services
Werdstrasse 2, P.O. Box, 8021 Zurich, Switzerland
phone +41 44 268 15 64, fax +41 44 268 15 68
,
 http://www.switch.ch