...

A frequently asked question from new SaaS providers is: Should I publish one comprehensive entity descriptor for all my customers, or should I publish a separate entity descriptor for each of them? Well, that is completely up to you. Either is fully supported by InCommon, and the selection of one or the other is more an art than a science. For your convenience, we provide some information below that will help you make an informed decision.

First, there are neither technical nor policy constraints with respect to endpoint locations in SP metadata. That is, a single SP entity descriptor may have any number of endpoints. There are SPs in InCommon metadata with scores, even hundreds, of endpoints in a single entity descriptor.

...

So it goes both ways. Which approach is best?

All other things being equal, one entity descriptor per customer affords the greatest flexibility. This approach requires more work initially, but in the long run, advantages with respect to privacy, usability, and maintainability make this the best option.

Tip

The entity descriptor is the basic unit of policy and interoperability. If entity descriptors are handled in a common way for all your customers, then consolidation into a single entity often makes sense. A question to begin with is, “does my web app look like one common service for all customers, or does it look more like an isolated instance of the service deployed specifically for a given customer?”

If the web app does not look like one shared service environment for all customers, then the ability for policy and interoperability to vary by customer across multiple entity descriptors is valuable. This approach offers the greatest flexibility. On the other hand, it can complicate documentation and requires more deployment effort for each organization and for the service provider itself.
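To make the two options concrete, here is an added example (not code from this page or from InCommon) that builds both shapes of SP metadata with the Python standard library: one consolidated `EntityDescriptor` in which every customer is just another `AssertionConsumerService` endpoint, and one `EntityDescriptor` per customer with its own `entityID`. The vendor host `saas.example`, the customer names, and the `/shibboleth` and `/saml/acs` paths are constructed sample values, and `check_descriptor` applies generic sanity checks (https-only endpoints, unique ACS indexes, a present `entityID`) that are assumptions of this example rather than InCommon's published metadata rules.

```python
import xml.etree.ElementTree as ET

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
SAML2P = "urn:oasis:names:tc:SAML:2.0:protocol"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
ET.register_namespace("md", MD_NS)

ENTITY_DESCRIPTOR = f"{{{MD_NS}}}EntityDescriptor"
SP_SSO_DESCRIPTOR = f"{{{MD_NS}}}SPSSODescriptor"
ACS = f"{{{MD_NS}}}AssertionConsumerService"

# Constructed sample data: a hypothetical SaaS vendor and three customers (not real entityIDs).
VENDOR_HOST = "saas.example"
CUSTOMERS = ["alpha", "beta", "gamma"]


def make_sp_descriptor(entity_id):
    """Return (EntityDescriptor, SPSSODescriptor) for a SAML 2.0 service provider."""
    ed = ET.Element(ENTITY_DESCRIPTOR, entityID=entity_id)
    sp = ET.SubElement(ed, SP_SSO_DESCRIPTOR, protocolSupportEnumeration=SAML2P)
    return ed, sp


def add_acs(sp, location, index):
    """Append one HTTP-POST AssertionConsumerService endpoint to an SPSSODescriptor."""
    ET.SubElement(sp, ACS, Binding=HTTP_POST, Location=location, index=str(index))


def consolidated_descriptor(customers, host=VENDOR_HOST):
    """Option 1: one EntityDescriptor for all customers.
    All customers share the entityID; each customer-specific ACS location is simply
    another endpoint in the same SPSSODescriptor (any number of endpoints is allowed)."""
    ed, sp = make_sp_descriptor(f"https://{host}/shibboleth")
    for idx, customer in enumerate(customers):
        add_acs(sp, f"https://{customer}.{host}/saml/acs", idx)
    return ed


def per_customer_descriptors(customers, host=VENDOR_HOST):
    """Option 2: one EntityDescriptor per customer.
    entityID and endpoints (and, later, attribute requirements or policy) can vary per customer."""
    out = {}
    for customer in customers:
        ed, sp = make_sp_descriptor(f"https://{customer}.{host}/shibboleth")
        add_acs(sp, f"https://{customer}.{host}/saml/acs", 0)
        out[customer] = ed
    return out


def acs_locations(ed):
    """List every AssertionConsumerService Location in an EntityDescriptor."""
    return [e.get("Location") for e in ed.iter(ACS)]


def check_descriptor(ed):
    """Generic sanity checks (assumed for this example, not InCommon's rules):
    entityID present, every endpoint served over https, ACS indexes unique."""
    problems = []
    if not ed.get("entityID"):
        problems.append("missing entityID")
    seen = set()
    for e in ed.iter(ACS):
        loc = e.get("Location", "")
        if not loc.startswith("https://"):
            problems.append(f"non-https endpoint: {loc}")
        idx = e.get("index")
        if idx in seen:
            problems.append(f"duplicate ACS index {idx}")
        seen.add(idx)
    return problems


def to_xml(ed):
    """Serialize the descriptor as a unicode string using the registered md: prefix."""
    return ET.tostring(ed, encoding="unicode")


if __name__ == "__main__":
    one = consolidated_descriptor(CUSTOMERS)
    print("consolidated:", check_descriptor(one))
    print(to_xml(one))
    for name, ed in per_customer_descriptors(CUSTOMERS).items():
        print(name, check_descriptor(ed))
        print(to_xml(ed))
```

The consolidated descriptor shows why the number of endpoints is not the deciding factor: three customers become three `AssertionConsumerService` elements under one `entityID`. The per-customer variant is where policy can diverge, since each descriptor can later carry its own attribute requirements or contacts without touching the others. `check_descriptor` is the kind of pre-publication check a vendor can run over either shape before submitting metadata to a federation.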

For their part, campuses vary with respect to what they require for vendor integration. Some want to own the metadata (for business continuity reasons) but are happy to delegate the administration of that metadata to the vendor (and our Federation Manager supports that model). Others prefer a more hands-off approach and would rather leave the management of metadata entirely to the vendor. What your customers want (combined with what you, the SaaS provider, are willing and/or able to provide) will influence your approach to metadata management.

...