Child pages
  • Primary DNS Domain
Skip to end of metadata
Go to start of metadata

Early in the boarding process, the InCommon Registration Authority (RA) associates a primary DNS domain with the participating organization. The WHOIS database system is consulted to confirm that the organization does in fact control this domain.  Alternatively, a process of Domain Control Validation (DCV) may be administered by the RA to allow an organization to demonstrate control of a domain. The fact that the organization’s home page is rooted in the primary DNS domain provides additional evidence that the organization controls the domain in question.

Any metadata the organization submits is vetted against the primary DNS domain. In particular, the following metadata elements should be rooted in the primary DNS domain of the organization:

  • the value of the entityID XML attribute, which is an identifier for the entity (SP or IdP) in metadata
  • the value of the <md:OrganizationURL> element, which is the URL of the organization’s home page (mentioned earlier)
  • the value of the <shibmd:Scope> element, which is used by an IdP to construct so-called scoped attributes (such as eduPersonPrincipalName)

The RA is authoritative for the organization URL (<md:OrganizationURL>) and the Scope (<shibmd:Scope>). The organization’s site administrator specifies the remaining values in metadata, which are vetted by the RA.

If the entityID and scope (the latter is applicable only to IdP metadata) are rooted in the primary DNS domain, the submitted metadata is approved and the update request proceeds. Otherwise a manual vetting process is triggered, which may delay the approval process.

  • No labels