InCommon metadata is the instantiation of the Trust Registry described in Trusted Relationships for Access Management: The InCommon Model.
InCommon metadata contains information about every entity (Identity Provider or Service Provider) known within the InCommon Federation.
All of each entity's metadata is contained in an <EntityDescriptor> XML element with an entityID XML attribute. This entityID must be globally unique and, therefore, must be in the form of a URL rooted in the entity's organization's domain, as described in Entity ID. For more information, see:
These elements provide contact information for people who have various roles (administrative, technical, security, and support) for the entity, as described in Contacts information. For more information, see:
The <Organization> element provides information about the organization that is legally responsible for the entity, including the organization's legal name, preferred display name, and home page URL. This information is vetted by InCommon and stored in the metadata for all of the organization's entities.
These elements provide information to help end users to navigate the handoffs between a Service Provider and the user's Identity Provider during discovery and login, as described in User interface elements and Error Handling URL. For more information, see:
These are URLs of the entity's SAML service endpoints, as described in IdP SSO Settings (IDPSSODescriptor) and SP SSO Settings (SPSSODescriptor). For more information see:
These are the signing and encryption keys associated with the Connection Endpoints to verify authenticity and provide privacy of the information exchanged, as described in Signing and Encryption Keys.
Qualifications and capabilities are formal assertions of specific information about the entity, generally related to how it should be treated by other entities, as described in Qualifications and Capabilities (Entity Attributes, etc.).
For more information, see:
Registrar Information
This element identifies the registration authority (i.e., the entity's federation) that enrolled this entity, verified its contacts, and reviewed its entity attributes (when review is required). For more information, see:
In addition to the information provided for each entity, there is information that allows you to verify the organization (in this case, InCommon) that publishes the metadata that you retrieve.
<mdrpi:PublicationInfo> element. For aggregates published by InCommon, this is https://incommon.org. For more information, see:
<Signature> element can be (and should be) used to verify that the information was signed by the private key held by the expected publisher.
The following metadata elements also appear in InCommon metadata:
The SAML representation of InCommon metadata is defined in
Please see the OASIS SAML Wiki for current versions of these documents. Other specifications may apply in specific circumstances, as noted in the pages linked below. (Note: Per the eduGAIN Policy Framework, the "md:" XML namespace prefix indicated below does not always appear in distributed metadata. In particular, InCommon-registered metadata does not include the prefix.)
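The elements described above can be inspected with namespace-aware parsing, which works whether or not the "md:" prefix is present. The following is an added example, not InCommon's own code: the sample aggregate, its entity IDs and registrar values are constructed, and the function name inspect_aggregate and the http(s) test for entityID are assumptions of this example. It only checks that a <Signature> element is present; cryptographic verification against the publisher's key must be done with an XML Signature implementation before any of the content is trusted.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EXPECTED_PUBLISHER = "https://incommon.org"  # publisher value given on this page

# Constructed sample aggregate (not real InCommon data). It uses a default
# namespace instead of the "md:" prefix, as InCommon-registered metadata does.
SAMPLE = """<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Signature/>
  <Extensions><mdrpi:PublicationInfo publisher="https://incommon.org"
      creationInstant="2024-01-01T00:00:00Z"/></Extensions>
  <EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <Extensions><mdrpi:RegistrationInfo
        registrationAuthority="https://incommon.org"/></Extensions>
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="sp-without-url">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""

def inspect_aggregate(xml_text, expected_publisher=EXPECTED_PUBLISHER):
    """Summarise publisher, signature presence and per-entity registration data."""
    root = ET.fromstring(xml_text)
    pub = root.find("md:Extensions/mdrpi:PublicationInfo", NS)
    report = {
        # Presence only: this does NOT verify the signature cryptographically.
        "has_signature": root.find("ds:Signature", NS) is not None,
        "publisher_ok": pub is not None and pub.get("publisher") == expected_publisher,
        "entities": [],
    }
    for ent in root.iter(f"{{{NS['md']}}}EntityDescriptor"):
        entity_id = ent.get("entityID", "")
        url = urlparse(entity_id)
        reg = ent.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        report["entities"].append({
            "entityID": entity_id,
            # Assumption of this example: "form of a URL" means http(s) with a host.
            "entityID_is_url": url.scheme in ("http", "https") and bool(url.netloc),
            "registrar": reg.get("registrationAuthority") if reg is not None else None,
            "roles": [r for r in ("IDPSSODescriptor", "SPSSODescriptor")
                      if ent.find(f"md:{r}", NS) is not None],
        })
    return report
```

Entities reported with a registrar of None or an entityID that is not a URL are the ones to review before configuring trust.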