HSM Archive

Technical update: HSM for metadata signing

Metadata is the basis of trust in any federation, and this makes the key management practices for metadata signing particularly important. In response to suggestions from other federation operators, we’ve decided to try to get this “right” from the beginning — at least as far as is actually practical for a small federation in its early stages. And “right” means that we should store our metadata signing key in some form of hardware security module.

South African Identity Federation