Consultation for InCommon Federation Participant Domain Use Policy

This consultation is now closed


Document for review/consultation


InCommon is seeking to modify its policy with regard to Participant use of domains in SAML metadata.  This consultation seeks input on the new proposed policy.

For a definition of the word nonce as used in the document under consultation, please see:



Change Proposals and Feedback - We welcome your feedback/suggestions here 

If you have comments that do not lend themselves well to the tabular format below, please create a new Google doc and link to it in the suggestion section below.


Table columns: Current Text; Proposed Text / Query / Suggestion; +1 (add your name here if you agree with the proposal); Action (please leave this column blank)

1. Current text: Domains must be controlled by the registrar
   Proposed text / query / suggestion: A service must be operated by or on behalf of the registrar, but may be hosted in an arbitrary domain, with InCommon performing vetting replacing the DCV/WHOIS system of today
   Nate Klingenstein (California State University); Marcus Mizushima (California State University, Office of the Chancellor)

2. Current text: "securely communicated to Participant"
   Proposed text / query / suggestion: Is it worth covering what mechanisms are proposed? (And if the nonce is to be on a known record/URL or published in DNS, why does there need to be a secure channel?)
   Alan Buxey (MyUNiDAYS Ltd.)

3. Current text: "the requested DNS name (A or AAAA record)"
   Proposed text / query / suggestion: There are valid use cases where the InCommon Participant owns/controls the domain but uses CNAMEs to direct traffic to infrastructure operated by other organizations on behalf of the InCommon Participant. The restriction requiring A or AAAA records should be removed.
   Scott Koranda (LIGO); Patrick Radtke (Cirrus Identity)



