April 1, 2020
Like most organizations, InCommon has adjusted its operations in response to the COVID-19 pandemic to ensure continuity of critical infrastructure. We have accelerated the timing for a planned change in the way we sign metadata. Currently, two people need to be physically present in our Ann Arbor office each day to sign metadata. We have developed a signing process that does not require anyone to be physically present in Ann Arbor but maintains the high level of security needed for signing.
Starting Wednesday, April 8, metadata signing will move to an automated process. In short, we will retrieve the unsigned metadata from the Federation Manager in a secure location in our infrastructure. Signing will be performed by a slightly modified version of the tested and documented tooling that currently signs metadata. The new process will use a tamper-proof Hardware Security Module (“HSM”) so that signing requires no one to be physically present. The newly signed aggregate will then be deployed to our existing metadata distribution servers.
This metadata will be signed by the existing “legacy” metadata signing key, so you do not need to make any changes to use the new system. From the outside, everything will be the same. This change does not affect our new MDQ metadata distribution service, although the new signing process is constructed using some of the same components.