Summary of recommendations re domains in IdP metadata:
InCommon should relax its requirements on domains in IdP endpoints. An authorized site administrator should be allowed to submit an IdP endpoint with any domain whatsoever. The InCommon RA will neither vet nor validate the domains in IdP endpoints submitted to InCommon.
InCommon should strongly recommend that the owner of the IdP also own the domains in IdP endpoints.
InCommon should continue to enforce strict requirements on entityIDs in IdP metadata. See the Entity IDs wiki page (and its child pages) for details.
InCommon should continue to enforce strict requirements on scopes in IdP metadata. See the Scope in Metadata wiki page for details.
HTTPS-protected protocol endpoints
Will introduce this topic on the mailing list
Update: Signed per-entity metadata now produced daily