...
eduGAIN Metadata Distribution Service (MDS) is the central component of the eduGAIN service as a whole. For the detailed description and procedures used in the eduGAIN metadata aggregate distributed by MDS see [eduGAIN-meta] and theAggregation, signing and publishing subsection within this document. The eduGAIN metadata aggregate is produced on a separate, secured host (mds-feed). Metadata signing is also peformed on mfs-feed currently with a key file located on the host istself.
In order to minimise risks of exposing a high permissions account on the mds host the resulting aggreagate file is transferred from ndsmds-feed to the mds host using a dedicated low premissions account. The aggregate is then moved to the final place on the mds host in a process innitiated within the mds host.
...