Metadata Management, and all that Jazz…

One of the things that we are looking at closely with the UK federation at the moment is a move towards a more seamless approach to metadata management. Metadata is clearly one of the most important things about a federation – it has all the information to allow IdPs and SPs to connect to each other. It is also critically important that the metadata is accurate – bad metadata could easily break the trust model of a federation.

However, metadata takes a long time to process, check and verify. One approach that federations have been taking to help streamline this process is to introduce systems whereby members can automagically update their own metadata. A good example of this is the SWITCH AAI Resource Registry.

Implementing something like this for the UK federation is an interesting concept, but I still have a number of questions:

  • What is the impact on members in terms of additional cost / time from having to upload their own metadata information?
  • Is there a corresponding reduction in staff time and effort at the federation operator, and is it right to switch the balance of effort?
  • How do we maintain integrity and accuracy of data? What would be the impact of incorrect data being passed through?
  • What is an appropriate level of human intervention / checking of data with this automated process?

I’d be really interested to hear people’s thoughts on this process.

Of course, another option would be to adopt a more radical approach whereby Identity Providers and Service Providers host their own metadata and merely inform the federation of its location. This embraces the idea of a truly distributed service model…but is perhaps a step we are not yet ready for.

“What is the impact on members in terms of additional cost / time from having to upload their own metadata information?”
I’m not sure there is much of a cost if it is done in a structured way. The current model involves looking up the ukfed website to see what info is needed for a registration, constructing an email with all the details and end points, potentially confirming contents via the phone etc. While self management does have an overhead for members I’m not sure it would be more than the existing process. I don’t think it will be a large workload; Newcastle has probably the highest number of entities in the federation and we don’t find registration to be a burden.

“How do we maintain integrity and accuracy of data?” That becomes the responsibility of the member and the impact of error also falls on that member. If an SP messes up its metadata then it will bear the brunt of customer dissatisfaction with the broken service, similarly with an IDP. It is nice to have a fed body making sure entries are sane but at the end of the day responsibility lies with the member. Provided the system for updating metadata is helpful enough and the documentation and training is fit for purpose then devolving responsibility down to the member is fine. From a pragmatic view I still would like to see the ukfed playing a role in sanity checking (make sure no angle brackets where they shouldn’t be etc).