The principal use of contact information in metadata is to enable effective communication between Federation participants, especially when systems fail, when users encounter problems, or when a security incident occurs.
InCommon will phase in the Baseline Expectations program through much of calendar year 2018. Over time, this program will make some user interface elements mandatory (these are noted below). InCommon recommends adding all of these user elements to your metadata; in particular those that will become mandatory. For more information, see the Baseline Expectations wiki page.
A secondary function is to support user interfaces (UIs) but much of the contact information displayed by an identity provider or service provider (for example on error, discovery, login, or consent pages) is self-owned and therefore known by the presenting site. A notable exception is an identity provider contact suitable for brokering attribute release changes when users encounter failures accessing services because the Requested Attributes are not released to SPs.
- At least one technical contact is REQUIRED in metadata.
- At least one administrative contact is REQUIRED in metadata.
- As part of the roll out of InCommon's Baseline Expectations program, at At least one security contact will be REQUIRED. You are advised to add a security contact to your metadata NOW.
- contact is REQUIRED in metadata.
Contact information should be role-based such as email@example.com rather than individual such as firstname.lastname@example.org.