How best to import eduGAIN metadata? There are at least two options:
Option 1. Offer two aggregates:
where the latter is a superset of the former containing contains eduGAIN metadata in addition to InCommon metadata.
Option 2 is strongly preferred since the distinction this method of distinguishing between InCommon metadata and eduGAIN metadata persists even if the entity descriptors are exposed as signed, per-entity metadata. Option 2 has the following additional advantages:
- InCommon SPs can continue exposing the same set of IdPs on their discovery interfaces by filtering all IdPs not having the new entity attribute.
- InCommon IdPs can continue releasing attributes to the same set of SPs by directly leveraging referring to the new entity attribute in their attribute release policy.
- Besides eduGAIN entities, other “foreign” entities can be safely introduced into InCommon metadata:
- Participants can introduce arbitrary entity descriptors into InCommon metadata. Entity descriptors that are vetted by the InCommon RA get the above entity attribute while those that aren’t vetted get another entity attribute (or no entity attribute at all). In other words, the entity attribute indicates the relevant metadata registration practice statement in effect.
- Entities registered by regional federations are a special case of the above.