Local Campus Metadata Management Tool
One of the items identified early in our discussions on what is needed to make Shibboleth easier to deploy and use effectively on campus was the notion of a campus local metadata management tool. Many schools have created local solutions and many others manage local metadata by hand. Our question here is what would be the requirements for a campus federation local metadata management tool. If such a tool looks useful, does it make sense for TIER to adopt or create one.
The focus for a TIER Campus Metadata Management tool would be to provide automation for the common, general campus use case and will not delve into specialized needs that will not be experienced at most campuses. The tool should focus on Shibboleth SPs only but also provide a mechanism to ingest pre-existing entity xml as part of its build cycle.
Requirements
End Users
Enable campus users to authenticate using Shibboleth and request that their SP be added to the campus metadata distribution.
Simple web form to prompt the SP operator for standard/simplified information. Included with the default web form is text that explains the needed elements and where to get the information.
Error checking on the entered data.
The ability for the identity that created the entry and designates to edit the entry (including the list of designates).
The ability for the identity that created the entry and designates to delete the entry.
Ability to check on the processing status of the request, including the ability for pure self-service - i.e., automatic addition to the metadata.
System Operators
The ability for campus system operators to edit any metadata entry.
The ability for campus system operators to approve/reject requests.
The ability for campus system operators to, perhaps manually, directly edit the metadata for an entity.
General
Handle only the case of the addition of SP metadata.
Send email to End Users whenever the data for an entity that they own is modified.
Be trivially simple to containerize, install, and operate.
Keep track of previous versions of entity metadata
Options to publish metadata (a) on a regular cycle, (b) after testing by a sysadmin, or (c) in semi-real time after a new record is submitted.
Support for regular review and signoff by entity owner
Ability to know that sets of entities are linked (e.g., production and test)
Information Requested
Contact information / Dept information
Certificate(s)
Virtual host(s) / SAML endpoints
MDUI extension info
Requested attributes and justification for sensitive attributes
Software implementation details (text box or a few standard answers plus “other”)
Index | Element Name | Element Description |
1 | hostname | Used for entity id and binding creation |
2 | certificate | |
3 | bindings | Include all standard bindings with check boxes that users can un-select if needed.(9 in total) Get consensus on what is checked by default |
4 | mdui | displayName ; privacy policy url; logo uri; |
5 | Technical Contact Information | Including eppn |
6 | Administrative Contact Information | Including eppn |
7 | Requested Attributes | |
8 | Notes | Is this really needed |
| ||
|
| |
|
|