The new InCommon Metadata Distribution Service is based on the Metadata Query (MDQ) protocol. It eliminates the need for a metadata consumer to download the entire metadata aggregate. It significantly reduces system resource overhead and reduces startup time.
There is no more need to download the entire metadata aggregate.
To retrieve metadata using the MDQ-based Metadata Service, visit the new InCommon Metadata Service Wiki.
See Retrieving metadata aggregate with MDQ.
If you previously (before 2020) downloaded the InCommon metadata aggregate and cannot switch over to querying individual entities using the MDQ protocol, the new Metadata Service provides an aggregate endpoint to simulate the legacy InCommon metadata aggregate. The aggregate endpoint is:
https://mdq.incommon.org/entities
IMPORTANT: the new InCommon Metadata Service has a different signing key from the legacy service. If you had configured your service with the legacy key, make sure to update the metadata signing key. See obtain an authentic copy of the InCommon metadata signing certificate.
See Retrieving metadata aggregate with MDQ
InCommon produces a metadata aggregate containing only IdP entities. It enables discovery services to retrieve and cache the list of identity providers for display purposes.
The InCommon IdP-only aggregate endpoint is:
https://mdq.incommon.org/entities/idps/all
InCommon produces an export-only aggregate to support inter-federation through the eduGAIN global R&E inter-federation. To learn more, see the Export-only metadata aggregate topic.
See Using the fallback aggregate.
To ensure you are retrieving the properly vetted metadata from InCommon, you should always verify the signature on metadata according to the instructions. Do not depend solely on HTTPS encryption for the security of your metadata downloads. To learn more, see Best practices when consuming InCommon metadata.
The InCommon metadata is signed using the same metadata signing key and the SHA-256 digest algorithm. To verify the signature on an aggregate, a consumer must obtain an authentic copy of the InCommon metadata signing certificate.
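The signing key changed from the legacy service, and a consumer must hold an authentic copy of the certificate, so one useful check is to compare the locally configured certificate against the fingerprint obtained out of band. This is an added example, not InCommon's code: the function names are hypothetical, and the certificates and fingerprint are constructed stand-ins, not InCommon's real values.

```python
import base64
import hashlib
import hmac
import re

PEM_CERT = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_sha256(pem_text: str) -> str:
    """Return the hex SHA-256 fingerprint of the single certificate in pem_text."""
    blocks = PEM_CERT.findall(pem_text)
    if len(blocks) != 1:
        # A bundle would make it ambiguous which key the consumer trusts.
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    der = base64.b64decode("".join(blocks[0].split()), validate=True)
    return hashlib.sha256(der).hexdigest()

def normalize(fingerprint: str) -> str:
    """Accept 'AB:CD:...' (openssl style) or plain hex; return lowercase hex."""
    hexstr = fingerprint.replace(":", "").replace(" ", "").lower()
    if not re.fullmatch(r"[0-9a-f]{64}", hexstr):
        raise ValueError("not a SHA-256 fingerprint")
    return hexstr

def is_trusted_signing_cert(pem_text: str, published_fingerprint: str) -> bool:
    """True only if the local certificate matches the out-of-band fingerprint."""
    return hmac.compare_digest(cert_sha256(pem_text),
                               normalize(published_fingerprint))

def make_pem(der: bytes) -> str:
    """Wrap bytes in PEM armor (helper for the constructed samples below)."""
    b64 = base64.encodebytes(der).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "-----END CERTIFICATE-----\n"

# Constructed stand-ins: arbitrary bytes in place of real DER certificates.
NEW_CERT = make_pem(b"constructed-new-signing-cert")
LEGACY_CERT = make_pem(b"constructed-legacy-signing-cert")
# Assumption: in practice this value comes from the federation operator
# over a channel separate from the metadata download itself.
PUBLISHED = ":".join(
    f"{b:02X}" for b in hashlib.sha256(b"constructed-new-signing-cert").digest())

if __name__ == "__main__":
    print("new cert trusted:   ", is_trusted_signing_cert(NEW_CERT, PUBLISHED))
    print("legacy cert trusted:", is_trusted_signing_cert(LEGACY_CERT, PUBLISHED))
```

This only confirms that the configured trust anchor is the expected one; the XML signature on each metadata document still has to be verified against that certificate by the consuming software.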
The "preview" MDQ Service environment allows you to validate your service against upcoming changes to the MDQ Service.
See: