Assuming you trust the metadata registration practices of the InCommon Federation, you will want to verify the XML signature on each and every metadata aggregate you consume. Failure to do so will seriously compromise the security of your metadata refresh process.
...