11 - Measuring SAML metadata propagation in the UK federation

Alex Stuart

Service owners and other stakeholders ask "How long will a metadata change take to propagate to federation members?" Metadata refresh is a pull mechanism, so operations staff typically reply with an educated guess of "a few hours, or overnight", based on the federation's recommendations for configuring metadata refresh. This estimation has become more difficult since the introduction of a just-in-time metadata query (MDQ) service alongside the classical publication of SAML metadata aggregates. I will describe a method for measuring the propagation of Service Provider metadata changes using SAML 2 AuthnRequest messages, and present measurements from the UK federation. The method does not rely on operational details of the UK federation's technical infrastructure, so it can be generalised to other federations or to interfederation through eduGAIN. I will compare this work with the eduGAIN Connectivity Check Service (ECCS). The lightning talk ends with an outline of possible approaches to measuring propagation time for Identity Provider metadata changes.