13 Feb. 2020

Organizations Urged to Move to Metadata Query Service

By Nick Roy
Director of Technology & Strategy, InCommon

On Thursday, January 30th, the InCommon Technical Advisory Committee (TAC) accepted the final report of the Internet2 Trust and Identity Services Operations project, which put Metadata Query (MDQ) into production. With the TAC’s sign-off on that report, the community has officially accepted the state of the MDQ service as delivered by InCommon Operations.

You can read about the high levels of performance and availability required of this service in the final report, linked above. These requirements were set by a TAC working group of community experts, which determined that switching InCommon’s metadata delivery model to MDQ meant that any IdP or SP in InCommon must be able to receive metadata on an on-demand basis during the course of an authentication event, without a user being able to notice a delay.

The InCommon MDQ service meets and surpasses these requirements. This was achieved using a serverless architecture designed and deployed by InCommon’s architecture and operations groups. We use cutting-edge DevOps methodologies to ensure the infrastructure is documented, versioned, tested, and reproducible, all by automated processes.

As of this writing, the production MDQ service has been available without downtime for more than 210 days. The preview/test environment has been up for nearly a year without downtime. By comparison, the legacy InCommon metadata aggregates have an admirable uptime of 90 days as of this writing. More information is available on InCommon’s service status page at https://status.incommon.org/.

We urge anyone who has an IdP or SPs deployed in InCommon to look at our extensive Metadata Service Documentation and strongly consider switching to the production MDQ service. InCommon participants who have done so have reported orders of magnitude lower memory usage (gigabytes down to a couple hundred megabytes or lower) by their IdPs and SPs, as well as much faster start-up times (one SP noted that their startup time went from 20 minutes to five seconds).