The AAF publishes 3 metadata documents:
The AAF also provides MDQ endpoints for use:
Metadata documents and MDQ endpoints are only accessible by https request. Our metadata endpoints automatically redirect http requests.
The AAF signs all metadata. Subscribers MUST use the public key available at https://md.aaf.edu.au/aaf-metadata-certificate.pem to verify metadata documents whenever they are retrieved.
To confirm that you have obtained the correct key, ensure the file you have downloaded conforms to the following:
$> openssl x509 -subject -dates -fingerprint -in aaf-metadata-certificate.pem
subject= /O=Australian Access Federation/CN=AAF Metadata
notBefore=Nov 24 04:27:20 2015 GMT
notAfter=Dec 9 04:27:20 2035 GMT
SHA1 Fingerprint=E2:FC:CC:CB:0E:0F:3B:32:FA:55:87:29:08:DE:E0:34:DA:A2:15:5A
The AAF's MDQ endpoints largely conform to the Metadata Query Protocol specifications, with a few deviations documented below.
According to the specification, the responder should respond to a request to /entities with all the entities it knows about. Instead, it responds 404 Not Found. This is for cost optimisation purposes, as serving large MD responses is expensive.
According to the specification, the responder should support gzip compression. It does not. We aim to support gzip in the future.
According to the specification, the responder should accept sha1-transformed entity IDs.
For example, a request for {sha1}11d72e8cf351eb6c75c721e838f469677ab41bdb should be treated as a request for http://example.org/service.
Instead, all requests involving sha-1 return 404 Not Found. This is for cost optimisation purposes.
Even where the AAF's endpoints accept noncompliant requests, subscribers SHOULD aim to conform fully to the specifications. Noncompliant requests which are accepted today may be rejected tomorrow.
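A client-side request builder that stays within the deviations listed above, as an added example (not AAF code). The base URL `https://mdq.example.org` and all function names are assumptions; substitute the MDQ endpoint you actually use.

```python
import hashlib
from urllib.parse import quote

# Hypothetical base URL (assumption): replace with your MDQ endpoint.
MDQ_BASE = "https://mdq.example.org"

# Media type that the MDQ SAML profile has clients request.
SAML_MD_TYPE = "application/samlmetadata+xml"


def sha1_identifier(entity_id: str) -> str:
    """The spec's {sha1} transform: hex SHA-1 of the UTF-8 entity ID.

    Shown for reference only; entity_url() refuses this form because
    the deviations above say such requests return 404 Not Found.
    """
    return "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


def entity_url(entity_id: str, base: str = MDQ_BASE) -> str:
    """Build a single-entity MDQ URL that the documented deviations allow."""
    if not base.lower().startswith("https://"):
        raise ValueError("metadata must be requested over https")
    if not entity_id:
        # An empty identifier would become the all-entities request.
        raise ValueError("all-entities requests are answered with 404")
    if entity_id.startswith("{sha1}"):
        raise ValueError("sha1-transformed identifiers are answered with 404")
    # safe="" so ':' and '/' inside the entity ID are percent-encoded too.
    return base.rstrip("/") + "/entities/" + quote(entity_id, safe="")


def request_headers() -> dict:
    """Headers for the request; gzip is not supported, so ask for identity."""
    return {"Accept": SAML_MD_TYPE, "Accept-Encoding": "identity"}


if __name__ == "__main__":
    eid = "http://example.org/service"  # entity ID used in the text above
    print("request :", entity_url(eid))
    print("headers :", request_headers())
    print("rejected:", sha1_identifier(eid))
```

The document returned by such a request is still signed metadata and must be verified against the AAF metadata certificate before it is used.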