The Incommon Federation wiki has moved.

Please visit the new InCommon Federation Library wiki for updated content. Remember to update your bookmarks.

Click in the link above if you are not automatically redirected in 15 seconds.



You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 26 Next »

User Interface Elements in SP Metadata

This page describes how an SP site administrator adds user interface elements to metadata. These elements are used by IdP implementations to enhance their user interfaces. See the section on software support for a complete list of supported applications.

Updating your Metadata

Login to the metadata administrative interface as usual. Along the left hand side, click on the link "Service Provider Metadata Wizard" and then click on the entity ID of the SP you wish to edit. Now click "View, Edit, or Delete SP metadata," click "Edit," and finally click "Add New User Interface Elements and Requested Attributes". A web form to enter the new elements will appear (see screen shot to the right).

When you press "Save," an <mdui:UIInfo> extension element is inserted into your metadata. From that point forward, you manage these elements the same as you would any other metadata element.

User Interface Elements

All of the input fields below except Display Name are optional for SPs.

Display Name

The Display Name is a user friendly name for the service. Typically, the value of the Display Name field will appear on login and error pages at the IdP, and also on the consent page. If the corresponding element <mdui:DisplayName> does not exist in metadata, applications are required to fall back on the <md:OrganizationDisplayName> element, which typically does not reflect the service but rather the organization that runs the service. Such an organization may in fact run multiple SP services so the organization name is a poor choice to use on a user interface.

The <mdui:DisplayName> element is an optional child element of the <mdui:UIInfo> extension element but SP operators are required to supply this information.

Description

A brief Description (100 characters or less) of the service may be provided. On computers that support a pointing device (such as a mouse, e.g.), the content of this input field will pop up when the user hovers over the Display Name.

The <mdui:Description> element is an optional child element of the <mdui:UIInfo> extension element but SP operators are encouraged to supply this information.

Information URL

The Information URL is used to create a link to a service information page. The content of this page should expand on the content of the Description field.

The <mdui:InformationURL> element is an optional child element of the <mdui:UIInfo> extension element but SP operators are encouraged to supply this information.

Privacy Statement URL

The Privacy Statement URL is used to create a link to a Privacy Statement targeted at users.

The <mdui:PrivacyStatementURL> element is an optional child element of the <mdui:UIInfo> extension element but SP operators are strongly encouraged to supply this information.

Your Privacy Statement

The importance of a Privacy Statement can not be overstated. Users will be instructed to consult the SP's Privacy Statement, lack of which will cause some users to decline attribute release.

Your POP may already contain statements regarding privacy. One approach, therefore, is to refactor the relevant sections of your POP into a Privacy Statement targeted at the user.

The Relation Between your POP and the Privacy Statement

Since you only have one POP, it necessarily applies to all of your SP deployments. In that sense, the granularity of the POP is not sufficient for those sites supporting multiple SPs. On the other hand, your Privacy Statement refers to a single SP deployment.

Note: A Privacy Statement may be shared across multiple SP deployments. Not all SPs have the same privacy requirements, however, so you should carefully consider the granularity that best fits your overall SP deployment.

Logo URL

The Logo URL is a service logo for building graphical user interfaces

The <mdui:Logo> element is an optional child element of the <mdui:UIInfo> extension element but SP operators are encouraged to supply this information. Although this element is optional, there are applications that can leverage this element in metadata. A consent interface, for example, may use a visual cue (i.e., a logo) instead of or in addition to the Display Name.

SP operators are encouraged to provide a Logo URL that satisfies the following requirements:

  • the Logo URL must be specified using an HTTPS URL
  • the resource at the Logo URL must be an unprotected image resource
  • the host in the Logo URL must reside in a domain owned by the IdP

The first two are technical requirements whereas the latter is a policy requirement. These are the only strict requirements of a Logo URL in metadata.

The actual size of the logo may vary. You will be asked to enter the actual width and height of the logo (in pixels). A downstream application will select your logo (or not) based on the actual width and height entered into metadata.

Generally useful logos will have the following characteristics:

  • the logo should have a transparent background
  • the logo should have a landscape orientation (width > height)
  • the logo should have a minimum width of 100 pixels
  • the logo should have a minimum height of 75 pixels

Logos that meet the minimum width and height requirements can be scaled down by the application as needed. Logos that do not meet the minimum width and height requirements may be ignored by applications.

There is no consensus as to what constitutes an optimal aspect ratio. For some applications, an aspect ratio between 4:3 and 16:9 is considered optimal. Other applications will have a page layout such that an approximate 2.5 aspect ratio is optimal. A future version of the administrative interface will accept multiple logo URLs so that sites may provide a variety of logos.

Software Support

Shibboleth IdP 2.3 (and later) and uApprove 2.2 (and later) support the <mdui:UIInfo> element in SP metadata. If you know of other software applications that support <mdui:UIInfo>, please share this information with the community.

#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))
  • No labels