April 15, 2020
By Nicholas Roy
Everyone in the InCommon Participant community has been affected by the global COVID-19 pandemic. One of the best things about this community is how it responds to shared challenges, divides up the problem space, and offers solutions rapidly.
A recent example is quickly changing the way we sign and publish federation metadata. InCommon Operations undertook this effort in order to prevent staff from being required to be physically present to sign metadata – to allow “social distancing” even to the extent that it’s now possible to sign InCommon metadata securely, even from home.
In order to do this, we leveraged a large amount of work that we had completed in the construction of our per-entity metadata (MDQ) environment within Amazon Web Services. Specifically, we used the Shibboleth Metadata Aggregator and our AWS Cloud HSM to move our on-premises facility to the cloud, while still enabling trustworthy metadata signing and publication.
The work was led by staff members David Shafer and IJ Kim, with significant help from a number of other community and staff members.
The new metadata signing process went into production without a hitch on Wednesday, April 8. Since then, we have not had to have staff in the office to perform in-person signing. We will take opportunities to continue to refine the process in the coming months, and integrate it with an updated version of the Federation Manager application, soon to move to a new home in AWS as well.
For more information on this change, please see the process documentation and FAQ.