...

  • An entity ID: 1) MUST be a URI, 2) SHOULD be a URL, and 3) SHOULD NOT be a URN.
    • If an entity ID is a URL, the host part MUST be rooted in the organization's Primary DNS Domain.
    • If an entity ID is a URN (which is NOT RECOMMENDED), the organization MUST document the existence of a valid authorization chain rooted in a namespace listed in the Official IANA Registry of URN Namespaces.
  • The entity ID MUST be globally unique to avoid name collisions both within the Federation and across federations.
  • The entity ID SHOULD contain the primary DNS domain of the organization.
  • The domain name reflected in the entity ID MUST be owned by the submitting organization.

A common misconception is that the entity ID must match the endpoint locations of the deployment. This is not required and is often not the case. The entity ID is a name that reflects the organization owning the entity, whereas endpoint locations are resolvable DNS names that reflect where the deployment is actually hosted. An entity ID may or may not resolve to a web resource; if it does, it is usually a page that describes the deployment.
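The rules listed above and the entity-ID-versus-endpoint distinction can be checked mechanically. The following Python script is an added example, not InCommon's code or Federation Manager logic: it validates an entity ID against the MUST/SHOULD rules for a given primary DNS domain, and extracts the entityID and endpoint Locations from an EntityDescriptor to show that they need not share a host. All entity IDs, the primary domain `example.edu`, and the metadata fragment are constructed for illustration; the "rooted in" check is label-aligned so that `notexample.edu` does not pass for `example.edu`.

```python
"""Check SAML entity IDs against the InCommon naming rules quoted above.

Added example; it is not InCommon's code.  All entity IDs, domains and the
metadata fragment below are constructed for illustration.
"""
from urllib.parse import urlsplit
import xml.etree.ElementTree as ET


def host_rooted_in(host: str, primary_domain: str) -> bool:
    """True if host equals the organization's primary DNS domain or is a
    subdomain of it.  The check is label-aligned and case-insensitive, so
    'notexample.edu' is NOT rooted in 'example.edu'."""
    host = host.lower().rstrip(".")
    primary_domain = primary_domain.lower().rstrip(".")
    return host == primary_domain or host.endswith("." + primary_domain)


def check_entity_id(entity_id: str, primary_domain: str) -> list[str]:
    """Return findings for one entity ID.  'MUST' entries are rule violations,
    'SHOULD' entries are recommendations; an empty list means it conforms."""
    findings: list[str] = []
    parts = urlsplit(entity_id)

    # Rule 1: MUST be a URI.  A bare hostname or path has no scheme.
    if not parts.scheme:
        findings.append("MUST: not an absolute URI (missing scheme)")
        return findings

    scheme = parts.scheme.lower()
    if scheme == "urn":
        # Rule 3: URNs are NOT RECOMMENDED; the namespace (NID) must sit in a
        # documented authorization chain rooted in an IANA-registered NID.
        nid = parts.path.split(":", 1)[0]
        findings.append(
            f"SHOULD NOT: URN-based entity ID (NID '{nid}'); "
            "document the authorization chain for this namespace")
        if primary_domain.lower() not in entity_id.lower():
            findings.append("SHOULD: entity ID does not contain the primary DNS domain")
        return findings

    if scheme in ("http", "https"):
        # Rule 2: for a URL the host part MUST be rooted in the primary domain.
        host = parts.hostname or ""
        if not host:
            findings.append("MUST: URL has no host part")
        elif not host_rooted_in(host, primary_domain):
            findings.append(
                f"MUST: host '{host}' is not rooted in '{primary_domain}'")
        return findings

    findings.append(f"SHOULD: scheme '{scheme}' is neither a URL nor a URN")
    return findings


def describe_entity(metadata_xml: str) -> tuple[str, list[str]]:
    """Extract the entityID and every endpoint Location from an
    EntityDescriptor; the two need not share a host."""
    root = ET.fromstring(metadata_xml)
    entity_id = root.attrib["entityID"]
    locations = [el.attrib["Location"] for el in root.iter() if "Location" in el.attrib]
    return entity_id, locations


# Constructed metadata fragment (hypothetical hosts): the entity ID names the
# organization while the SSO endpoint lives on a different host.
SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://idp.example.edu/idp/shibboleth">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.example.edu/idp/profile/SAML2/Redirect/SSO"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    eid, endpoints = describe_entity(SAMPLE_METADATA)
    print(eid, check_entity_id(eid, "example.edu"))
    for loc in endpoints:
        print("endpoint:", loc)
    for candidate in ("urn:mace:incommon:example.edu",
                      "https://idp.notexample.edu/idp/shibboleth",
                      "idp.example.edu"):
        print(candidate, check_entity_id(candidate, "example.edu"))
```

Run it as-is to see the constructed entity ID pass while the endpoint sits on a different host; the three extra candidates show a URN warning, a host-not-rooted violation, and a missing-scheme violation. The IANA registry lookup itself is deliberately left to the operator, since that is a documentation requirement rather than something the string alone can prove.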

...

Warning: Do NOT change your entity ID!

Once chosen, it is strongly recommended that you do not change the entity ID of an IdP or SP in metadata. Although this is possible in the current version of the Federation Manager (FM), future versions of the FM will not allow an existing entity ID to be changed.

...

However, InCommon no longer issues URNs to IdPs. For new IdPs registered in the Federation, InCommon recommends that URL-based entity IDs be used.

  • If the IdP's entity ID is a URL (which is recommended), the host part MUST be rooted in the organization's Primary DNS Domain.

For example, an IdP might have the following entity ID:

...

For those IdPs that already have a URN-based entity ID, InCommon strongly recommends that you do not change your entity ID to one that is URL-based. In fact, you should never change an IdP entity ID. Doing so will almost certainly cause service disruptions at partner SP sites. The user experience may be adversely affected as well, since discovery interfaces typically write cookies containing the IdP's entity ID, and a cookie naming the old entity ID will no longer match the IdP.

SP Naming

As with IdPs, InCommon recommends that URL-based entity IDs be used in SP metadata. For example, an SP might have the following entity ID:

...