With the growth of the metadata feeds all over the world, together with the increased need for catering for multiple federations at once, Service Providers are increasingly reliant on the MetaData Query (MDQ) protocol, for Relying Party metadata lookup.
(MDQ is also commonly referred to as MDX (MetaData eXchange) for historical reasons: the name of a mailing list where the spec was discussed.) This protocol is however not widely deploy at this time, due to technical complexity

In addition, for MDQ there is only one implementation in common use: pyFF. This is a risk as it creates a high dependence on that piece of technology

This activity seeks to simplify the scalable use of MDQ, both for federations that currently operate a MDQ as well as for federations tat do not provide an MDQ service. In addition it wants to create an alternative implementation, next to pyFF, for creating and managing XML metadata.

The aim is to deliver EntityDescriptors as flat files in such a way this mimics MDQ protocol and combine that with Global DNS to create a super fast and highly redundant distribution mechanism for MDQ.

Potential features of such an alternative MDX solution are:

• Federations must remain in control of metadata signing
• Solution must not depend on how federations sign metadata
• Solution must respect SAML metadata ‘business rules’ with regard to TTL
  
  
• Effort for participation in distribution network should be minimal
• Solution should be highly available
• Solution should support almost real-time updates

Better uptimes for metadata availability and thus better uptimes for federated identity management services.

Complexity caused by the conflicting characteristics of centralizing a decentralized service.

There is no personal data involved, apart from the technical and security contacts in metadata, which are distributed in the current system in a comparable manner.

• An alternative MDX solution is designed and a PoC is implemented
• Architecture overview with MVP
• Geographically distributed MDQ (geoDNS)
• A test suite and trial site is created/deployed
• An infrastructure deployment is tested with some federation operators
• A documentation for installation and configuration is provided

• The design, source code and documentation will be made available to the community
  
• A hosted, distributed MDX solution could be provided to support federations that do not run an MDQ

An architecture for an alternative MDX solution was designed and a working PoC was implemented according to the specifications.