The registered-by-incommon entity category is added to the metadata for every entity that has been registered through InCommon's Registration Authority (RA) processes. It allows for quick determination if a specific entity has met the requirements outlined in the InCommon Participation Agreement and the documents it references. Practically speaking, the registered-by-incommon entity attribute can used by SP and IdP deployments to reverse the effects of importing eduGAIN entities (which may not adhere to the same participation requirements) into the InCommon production aggregate. See eduGAIN Considerations for InCommon Execs for more information regarding international interfederation.
Currently all entity metadata in the InCommon production aggregate were registered by the InCommon registrar and therefore every entity descriptor contains the following extension element:
| Code Block |
|---|
| language | xml |
|---|
| theme | Confluence |
|---|
| title | The RegistrationInfo element in InCommon metadata |
|---|
|
<md:Extensions xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
<mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
</md:Extensions> |
The value of the registrationAuthority XML attribute in the previous extension element is the ID of the InCommon registrar. Every metadata registrar has such a globally unique identifier. As other metadata (such as eduGAIN metadata) is imported into the InCommon aggregate, the <mdrpi:RegistrationInfo> element will become a distinguishing characteristic of entity metadata.
| Button Hyperlink |
|---|
| icon | info |
|---|
| title | Examples: using the Registered By InCommon Category |
|---|
| type | subtle |
|---|
| url | Examples - Using the Registered by InCommon category |
|---|
|
Since the <mdrpi:RegistrationInfo> element is not widely supported in software, every occurrence of mdrpi:RegistrationInfo/@registrationAuthority="https://incommon.org/" in metadata is replicated as a fixed entity attribute. This makes it easier for consumers to determine whether the registrar of a given entity descriptor is the InCommon registrar. This is the sole purpose of the Registered By InCommon Category.
| Code Block |
|---|
| language | xml |
|---|
| theme | Confluence |
|---|
| title | The registered-by-incommon entity attribute |
|---|
|
<md:Extensions
xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
<mdattr:EntityAttributes xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
<saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="http://macedir.org/entity-category">
<saml:AttributeValue>
http://id.incommon.org/category/registered-by-incommon
</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</md:Extensions> |
Note that the Registered By InCommon entity category applies to both SPs and IdPs. The semantics of the registered-by-incommon entity attribute are identical to mdrpi:RegistrationInfo/@registrationAuthority="https://incommon.org".