samlbits.org
The Identity CDN
Global reach for SAML metadata. Read More...
Hosted Resources
About samlbits.org
samlbits.org is a community-driven effort to provide global availability to identity federation technical trust components - notably SAML metadata. We are currently in the process of establishing sites at key locations across the globe. Global availability of technical trust components is critical for interfederation: the process of connecting islands of local trust to form a global trust infrastructure.
The Problem
samlbits.org adds a cache- and global availability layer to the trust fabric of SAML-based identity federations. At scale, SAML-based identity federations often use SAML metadata to manage technical trust beteween federation members.
Making SAML metadata available 247 becomes critically important.
Since the trust model is typcally based on signing SAML metadata rather than on transport security, performance and availability can be improved by by adding a caching layer. This is where samlbits.org comes in. Using proven web-caching technology and geo-aware DNS borrowed from the pool.ntp.org project, samlbits.net turns a locally signed SAML metadata file or MDX endpoint into a globally cached, highly available resource.
Using the CDN
samlbits.org assignes to each hosted resource a CDN identifier which can be used to reference the hosted site directly. For instance edugain is the CDN identifier for the eduGAIN MDS and so http://edugain.cdn.samlbits.net provides access to the eduGAIN MDS. In addition the CDN supports the Host header and serves the Kantara Trust Registry site when Host: trust.kantarainitiative.org is a request header. Use either mechanism or both together!
Send an email to leifj at mnt.se to get your SAML metadata resource hosted by samlbits.org and listed in the table below:
| CDN identifier | Description | CDN URI |
|---|---|---|
| edugain | eduGAIN | http://edugain.cdn.samlbits.net |
| DiscoJuice | DiscoJuice | https://cdn.discojuice.org |
| CAF | CAF | http://caf.cdn.samlbits.net/CoreServices/ |
How it all works
samlbits.org draws on ideas from the pool.ntp.org project to combines a simple distributed monitoring system combined with a geo-aware DNS server and an array of web caches. These components are located across multiple sites and there is no single point of failure.
Open Source
samlbits.org runs completely on OpenSource software. Some components are developed by the project:
Sponsor samlbits.org
samlbits.org is currently looking to establish sites in Asia, Africa, US West Coast and additional sites in Europe - sponsor the project by providing co-location facilities and/or server infrastructure. You can also sponsor by donating other resources to the project. The co-location facilities should be well connected to the Internet and need to have both ipv4 and ipv6 connectivity. Send an email to leifj at mnt.se if you are willing and able to help.
Contact
- email: leifj at mnt.se
- twitter: @samlbits