Warning: The InCommon Federation wiki has moved.


We have exciting news! An updated InCommon Federation wiki is now available. Please visit the new InCommon Federation Library for updated content.

This wiki is preserved for historical records only. It will no longer be updated. 

We invite you to come check out the new Library. Don't forget to update your bookmarks accordingly. 




InCommon Metadata Services

As a prerequisite to trusted exchange of identity information between Identity Providers (IdPs) and Service Providers (SPs), those IdPs and SPs must be introduced to each other in a trusted manner to exchange information about organizational identities and designated contacts, certifications that have been achieved, technical information to enable interoperation, public keys to authenticate information exchanges, information to improve user experience, and the organization (e.g., InCommon) that performed the introduction.

InCommon metadata is the registry of those trusted introductions. InCommon metadata is the basis for trust within the InCommon Federation. In a very real sense, SAML metadata powers the Federation. Without metadata, trusted operations within the Federation would grind to a halt.

Put another way, SAML metadata represents the trust backbone of the InCommon Federation. Within the federation, trust is based on what effectively is a SAML-based PKI (as opposed to a more traditional X.509 Certificate-based PKI) built on top of trusted SAML metadata.

Info: Trusted metadata makes multilateral federation possible.

As part of their compliance with the InCommon Participation Agreement, Participants provide accurate metadata for their IdPs and SPs. InCommon reviews that information for validity and publishes it as that registry. Federation participants trust InCommon to vet the metadata content submitted by other participants. In turn, InCommon vouches for the integrity of the metadata it makes available to participants. This implicit trust agreement underlies and strengthens the security of the SAML protocol exchanges used throughout the federation.

Metadata Format

InCommon metadata conforms to the OASIS SAML V2.0 Metadata specification and is schema-valid against the OASIS SAML V2.0 Metadata schema, which is an XML Schema. A handful of extension schemas published by OASIS are supported as well.

InCommon metadata is translated from XML to JSON on a daily basis. The latter is used to render the Federation Info Pages. See the wiki topic on Metadata-Driven Web Pages for more information.

More Information