- Created by Albert Wu (internet2.edu), last modified on Apr 26, 2019
About the InCommon Metadata Service
Before Identity Providers (IdPs) and Service Providers (SPs) can exchange identity information, they must be introduced to each other in a trusted manner. That introduction carries:
- organizational identities and designated contacts
- certifications that have been achieved
- technical information needed to interoperate (endpoints, bindings, supported protocols)
- public keys used to authenticate protocol exchanges
- information that improves the user experience (display names, logos, privacy statements)
- the identity of the organization (e.g., InCommon) that performed the introduction
InCommon metadata is the registry of those trusted introductions. In a very real sense, SAML metadata powers the Federation. Without metadata, trusted operations would grind to a halt.
Trusted metadata makes multilateral federation possible.
As part of their compliance with the InCommon Participation Agreement, Participants provide accurate metadata for their IdPs and SPs. InCommon reviews that information for validity and publishes it as that registry. This process underlies and strengthens the security of the SAML protocol exchanges used throughout the federation.
Downloading the InCommon metadata
Today all entity metadata distributed by InCommon is in the form of signed SAML metadata aggregates. A secure, offline metadata signing process aggregates metadata registered by InCommon Participants together with metadata imported from eduGAIN and pushes the signed aggregates to a secure, publicly accessible metadata server. Consumers are expected to verify the signature on each aggregate against the InCommon metadata signing key before loading it; the transport (HTTPS) is not the trust anchor, the signature is.
Eventually the unwieldy metadata aggregates will give way to per-entity distribution methods such as those based on the Metadata Query Protocol.
Metadata Format
InCommon metadata conforms to the OASIS SAML V2.0 Metadata specification and is schema-valid against the OASIS SAML V2.0 Metadata schema, which is an XML Schema. A handful of extension schemas published by OASIS are supported as well.
InCommon metadata is translated from XML to JSON on a daily basis. The JSON files are used to render the Federation Info Pages. See the wiki topic on Metadata-Driven Web Pages for more information.
On the horizon: per-entity metadata service
In June 2019, the InCommon Federation will introduce the per-entity metadata service (MDQ service). The MDQ service allows metadata consumers to look up the metadata of an individual entity at run time through a web query, so there is no longer any need to download and pre-load a large metadata aggregate at system start-up.
The MDQ service is in technology preview at present. For more information see the InCommon Metadata Service Wiki.
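The two consumption models above (load a signed aggregate; or query one entity at run time) share the same consumer-side hygiene: refuse an aggregate whose validUntil has passed, split it into per-entity descriptors, and, for MDQ, address an entity by the Metadata Query Protocol's `{sha1}` transformed identifier. The following Python is an added illustration, not code from InCommon or this wiki. The aggregate it parses is a constructed, unsigned sample, and `https://mdq.example.org` is a placeholder base URL, not the real service endpoint. XML signature verification against the pinned InCommon signing certificate is a prerequisite that must run before any of this and is not shown.

```python
"""Consumer-side handling of an InCommon-style SAML metadata aggregate.

Added example; not InCommon's code. Signature verification (e.g. with xmlsec1
and the pinned signing certificate) must succeed BEFORE this code is trusted.
"""
import hashlib
import xml.etree.ElementTree as ET
from datetime import datetime, timezone
from urllib.parse import quote

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"

# Constructed sample aggregate: NOT real InCommon metadata, ds:Signature omitted.
SAMPLE_AGGREGATE = f"""<?xml version="1.0" encoding="UTF-8"?>
<EntitiesDescriptor xmlns="{MD_NS}" Name="urn:mace:incommon"
    validUntil="2019-05-10T12:00:00Z" cacheDuration="PT6H">
  <EntityDescriptor entityID="https://idp.example.edu/idp/shibboleth">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>
""".encode("utf-8")


def parse_saml_time(value):
    """SAML metadata timestamps are xsd:dateTime in UTC with a trailing 'Z'."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def validate_aggregate(aggregate, now):
    """Return a list of problems (empty list means the aggregate may be used).

    A missing validUntil is treated as a problem, not as 'never expires':
    without an expiry, an attacker who captured an old signed aggregate could
    replay it forever, keeping revoked keys and endpoints alive.
    """
    problems = []
    root = ET.fromstring(aggregate)
    if root.tag != f"{{{MD_NS}}}EntitiesDescriptor":
        problems.append(f"unexpected root element {root.tag}")
    valid_until = root.get("validUntil")
    if valid_until is None:
        problems.append("missing validUntil attribute")
    elif now >= parse_saml_time(valid_until):
        problems.append(f"aggregate expired at {valid_until}")
    return problems


def index_entities(aggregate):
    """Split the aggregate into per-entity XML documents keyed by entityID.

    This is the consumer-side equivalent of what an MDQ server serves one
    entity at a time.
    """
    root = ET.fromstring(aggregate)
    return {
        ed.get("entityID"): ET.tostring(ed, encoding="unicode")
        for ed in root.iter(f"{{{MD_NS}}}EntityDescriptor")
    }


def mdq_identifier(entity_id):
    """Metadata Query Protocol transformed identifier:
    '{sha1}' followed by the lowercase hex SHA-1 of the UTF-8 entityID."""
    return "{sha1}" + hashlib.sha1(entity_id.encode("utf-8")).hexdigest()


def mdq_url(base_url, entity_id):
    """Build the per-entity query URL. The identifier is percent-encoded so the
    braces survive as a single path segment. base_url is an assumed placeholder."""
    return base_url.rstrip("/") + "/entities/" + quote(mdq_identifier(entity_id), safe="")


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    print("problems:", validate_aggregate(SAMPLE_AGGREGATE, now))
    for eid in index_entities(SAMPLE_AGGREGATE):
        print(eid, "->", mdq_url("https://mdq.example.org", eid))
```

Run stand-alone, the sample (dated 2019) is reported as expired, which is the behaviour you want from a consumer that is handed a stale file. The `{sha1}` form is preferred over the raw percent-encoded entityID because it yields a fixed-length, path-safe segment regardless of what characters the entityID contains.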
Further Reading
- Consume InCommon metadata
- Publish metadata in InCommon
- Metadata signing process
- Managing trust in keys used for metadata
- Metadata-Driven Web Pages
- Shibboleth documentation on metadata