Uniform Resource Names as Entity IDs
The use of Uniform Resource Names (URNs) as entity IDs in the InCommon Federation is NOT RECOMMENDED. If an URN is used, the URN namespace MUST be owned by (or delegated to) the organization, that is, the organization MUST document the existence of a valid authorization chain rooted in a namespace listed in the Official IANA Registry of URN Namespaces.
To illustrate, suppose Internet2 submitted SP metadata with entity ID:
This particular entity ID would be acceptable since:
urn:macenamespace is registered with IANA.
- InCommon is authorized by MACE to use the
- Internet2 is authorized by InCommon to use the
urn:mace:incommon:internet2.edunamespace (by virtue of the fact that the latter appears in metadata signed by InCommon Operations).
Therefore the entity ID shown above is valid since there exists a valid authorization chain rooted in an official registered namespace (
Historically, InCommon assigned an URN to all new IdPs, based on the IdP's primary DNS domain name:
However, InCommon no longer issues URNs to IdPs and instead strongly encourages the use of URLs instead. Type the following commands to produce lists of URN-based entityIDs in InCommon metadata:
Simply omit the last command in the pipe (
wc) to produce the actual list, or better yet, view a pre-computed list of URN-based entityIDs in InCommon metadata.