Jump to: 

Query instead of "download" 

The new InCommon Metadata Distribution Service is based on the Metadata Query (MDQ) protocol. It eliminates the need for a metadata consumer to download the entire metadata aggregate. It significantly reduces system resource overhead and reduces start up time.

There is no more need to download the entire metadata aggregate. 

To retrieve metadata using the MDQ-based Metadata Service, visit the new InCommon Metadata Service Wiki.

Simulating the legacy style metadata aggregate

Simulating the legacy aggregate

See Retrieving metadata aggregate with MDQ.

If you previously (before 2020) downloaded the InCommon metadata aggregate and cannot switch over to querying individual entities using the MDQ protocol, the new Metadata Service provides an aggregate endpoint to simulate the legacy InCommon metadata aggregate. The aggregate endpoint is:


IMPORTANT: the new InCommon Metadata Service has a different signing key from the legacy service. If you had configured your service with the legacy key, make sure to update the metadata signing key. See obtain an authentic copy of the InCommon metadata signing certificate.

Retrieving the IdP-only aggregate

See Retrieving metadata aggregate with MDQ.

InCommon produces an metadata aggregate containing only IdP entities. It enable discovery services to retrieve/cache list of identity providers for display purpose. 

The InCommon IdP-only aggregate endpoint is : 


About the Export-only aggregate

InCommon produces an export-only aggregate to support inter-federation through the eduGAIN global R&E inter-federation. To learn more, see the Export-only metadata aggregate topic.

About the "Fallback" aggregate

See Using the fallback aggregate.

Verifying the metadata signature

To ensure you are retrieving the properly vetted metadata fro mInCommon, make you should always verify the signature on metadata according to the instructions. Do not depend solely on HTTPS encryption for the security of your metadata downloads. To learn more, see Best practices when consuming InCommon metadata

The InCommon metadata signed using the same metadata signing key and the SHA-256 digest algorithm. To verify the signature on an aggregate, a consumer must obtain an authentic copy of the InCommon metadata signing certificate.

Retrieving Preview metadata

The "preview" MDQ Service environment allows you to validate your service against upcoming changes to the MDQ Service.