The InCommon Export Aggregate

View a diff of consecutively published export aggregates

InCommon maintains an Export Aggregate for the purposes of interfederation:

In terms of content, the Export Aggregate is a proper subset of the Main Aggregate. For more information about the various metadata aggregates used in the InCommon Federation, see the Download InCommon Metadata parent topic.

End entities typically do not consume the Export Aggregate, which is intended for other federations and aggregation services such as eduGAIN. In any case, the Export Aggregate is signed with the same metadata signing key used to sign other InCommon aggregates. To verify the signature on the metadata, a consumer must obtain an authentic copy of the InCommon Metadata signing certificate.

Including Your Metadata in the Export Aggregate

Entity metadata is included in the Export Aggregate subject to the following policy:

Basic Metadata Export Policy

InCommon Operations refreshes the Export Aggregate daily, in conjunction with the daily metadata-signing process.

  1. IdPs are exported by default (but may choose to opt out)
  2. SPs actively opt in to the export process

InCommon Operations reserves the right to prevent any entity from being exported. See the Interfederation Technical Policy topic for a complete list of export policy rules.

Export Recommendations and Options

InCommon recommends the following options:

  1. IdP operators SHOULD export IdP metadata to eduGAIN. Eventually, we expect all IdP metadata to be exported to eduGAIN except those few IdPs that do not satisfy InCommon’s export policy rules. See the Interfederation Technical Policy document in the wiki for more information.
  2. An SP owner SHOULD export SP metadata to eduGAIN if the deployment intends to interoperate with global IdPs. An SP deployment that interoperates with InCommon IdPs only SHOULD NOT export its metadata to eduGAIN.

To adjust your export option, log in to the Federation Manager and then click "IdP Metadata Wizard" or "SP Metadata Wizard" as appropriate. Edit the metadata and check the box to indicate your choice.

Type the following commands to obtain a list of entityIDs in the export aggregate:

# InCommon export aggregate distribution point
# (placeholder: set this to the export aggregate URL)
$ MD_LOCATION='<export-aggregate-URL>'

# Fetch the metadata and list the entityIDs of exported entity descriptors
$ MD_PATH=/tmp/InCommon-metadata-export.xml
$ curl --silent "$MD_LOCATION" \
    | tee "$MD_PATH" \
    | grep -F ' entityID=' \
    | sed 's/^.* entityID="\([^"]*\).*$/\1/'
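
The following is an added example, not part of the original page or InCommon's own tooling. It lists entityIDs with an XML parser instead of line matching, checks that an export aggregate is a proper subset of the main aggregate, and reports which entities were added or removed between two consecutively published export aggregates. The function names and the example.org entities are assumptions constructed for illustration, and the code assumes each aggregate's signature has already been verified.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"  # SAML 2.0 metadata namespace

def entities(xml_text):
    """Map entityID -> role list for every EntityDescriptor.
    Assumes the aggregate's signature was already verified; none is checked here."""
    found = {}
    for ed in ET.fromstring(xml_text).iter(f"{{{MD}}}EntityDescriptor"):
        roles = [r for r in ("IDP", "SP")
                 if ed.find(f"{{{MD}}}{r}SSODescriptor") is not None]
        found[ed.get("entityID")] = roles
    return found

def not_in_main(export_xml, main_xml):
    """entityIDs present in the export aggregate but missing from the main one."""
    return sorted(set(entities(export_xml)) - set(entities(main_xml)))

def is_proper_subset(export_xml, main_xml):
    """True when every exported entity is in main and main has at least one more."""
    return set(entities(export_xml)) < set(entities(main_xml))

def diff_exports(old_xml, new_xml):
    """Entities added to or removed from the export between two publications."""
    old, new = entities(old_xml), entities(new_xml)
    return {"added": [(e, new[e]) for e in sorted(set(new) - set(old))],
            "removed": [(e, old[e]) for e in sorted(set(old) - set(new))]}

def _aggregate(*items):
    """Build a constructed sample aggregate from (entityID, role) pairs."""
    body = "".join(
        f'<md:EntityDescriptor entityID="{eid}"><md:{role}SSODescriptor '
        f'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>'
        f'</md:EntityDescriptor>' for eid, role in items)
    return f'<md:EntitiesDescriptor xmlns:md="{MD}">{body}</md:EntitiesDescriptor>'

# Constructed sample data (example.org names are placeholders, not real entities)
IDP = ("https://idp.example.org/idp/shibboleth", "IDP")
SP_GLOBAL = ("https://sp.example.org/shibboleth", "SP")
SP_LOCAL = ("https://sp-local.example.org/shibboleth", "SP")
MAIN = _aggregate(IDP, SP_GLOBAL, SP_LOCAL)
EXPORT_DAY1 = _aggregate(IDP)             # IdP exported by default
EXPORT_DAY2 = _aggregate(IDP, SP_GLOBAL)  # SP has since opted in

if __name__ == "__main__":
    print(not_in_main(EXPORT_DAY2, MAIN))
    print(is_proper_subset(EXPORT_DAY2, MAIN))
    print(diff_exports(EXPORT_DAY1, EXPORT_DAY2))
```

A non-empty result from `not_in_main` means the export aggregate contains an entity the main aggregate does not, which contradicts the subset relationship described above and is worth investigating before the metadata is consumed.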