Global metadata is imported directly into the main production aggregate.
The following import rules have been implemented (in order):
mdrpi:RegistrationInfo[@registrationAuthority='https://incommon.org']
<mdui:Logo>
elements (not entities) with a URL that is not HTTPS-protected
mdui:UIInfo
elements) within AttributeAuthority
roles.
“http://”, “https://”, “urn:mace”
<shibmd:Scope>
element
<shibmd:Scope>
EntityAttributes
elements.
RequestedAttributes
elements

A number of additional rules are applied to ensure metadata correctness. Some common minor errors are corrected but entities failing checks such as XML schema validity are removed.
Log all of the following:

Name | Value |
---|---|
http://macedir.org/entity-category | http://id.incommon.org/category/registered-by-incommon |
http://macedir.org/entity-category | http://id.incommon.org/category/research-and-scholarship |
http://macedir.org/entity-category-support | http://id.incommon.org/category/research-and-scholarship |
urn:oasis:names:tc:SAML:attribute:assurance-certification | http://id.incommon.org/assurance/bronze |
urn:oasis:names:tc:SAML:attribute:assurance-certification | http://id.incommon.org/assurance/silver |

XML Namespace Whitelist

Namespace | Prefix |
---|---|
urn:oasis:names:tc:SAML:metadata:algsupport | alg |
http://www.w3.org/2000/09/xmldsig# | ds |
urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser | hoksso |
http://id.incommon.org/metadata | icmd |
urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol | idpdisc |
urn:oasis:names:tc:SAML:profiles:SSO:request-init | init |
urn:oasis:names:tc:SAML:2.0:metadata | md |
urn:oasis:names:tc:SAML:metadata:attribute | mdattr |
urn:oasis:names:tc:SAML:metadata:rpi | mdrpi |
urn:oasis:names:tc:SAML:metadata:ui | mdui |
http://refeds.org/metadata | remd |
urn:oasis:names:tc:SAML:2.0:assertion | saml |
urn:mace:shibboleth:metadata:1.0 | shibmd |
http://www.w3.org/2001/04/xmlenc# | xenc |
http://www.w3.org/XML/1998/namespace | xml |
http://www.w3.org/2001/XMLSchema-instance | xsi |
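
The namespace whitelist above can be checked mechanically. The following added example (not InCommon's own tooling) reports every element or attribute name in an entity whose namespace is not in the table; the sample entity and the two `urn:example:` namespaces are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Import-side namespace whitelist, copied from the table above.
ALLOWED_NS = {
    "urn:oasis:names:tc:SAML:metadata:algsupport",
    "http://www.w3.org/2000/09/xmldsig#",
    "urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser",
    "http://id.incommon.org/metadata",
    "urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol",
    "urn:oasis:names:tc:SAML:profiles:SSO:request-init",
    "urn:oasis:names:tc:SAML:2.0:metadata",
    "urn:oasis:names:tc:SAML:metadata:attribute",
    "urn:oasis:names:tc:SAML:metadata:rpi",
    "urn:oasis:names:tc:SAML:metadata:ui",
    "http://refeds.org/metadata",
    "urn:oasis:names:tc:SAML:2.0:assertion",
    "urn:mace:shibboleth:metadata:1.0",
    "http://www.w3.org/2001/04/xmlenc#",
    "http://www.w3.org/XML/1998/namespace",
    "http://www.w3.org/2001/XMLSchema-instance",
}

def _ns(name):
    """Return the namespace URI of an ElementTree '{uri}local' name, or None."""
    return name[1:].split("}", 1)[0] if name.startswith("{") else None

def off_whitelist(entity_xml):
    """List (namespace, name) for each element/attribute outside the whitelist."""
    findings = []
    for el in ET.fromstring(entity_xml).iter():
        for name in [el.tag, *el.attrib]:
            ns = _ns(name)
            # Unqualified attributes (ns is None) have no namespace to check.
            if ns is not None and ns not in ALLOWED_NS:
                findings.append((ns, name))
    return findings

# Constructed sample: one extension element and one attribute in namespaces
# that are not on the whitelist (both URIs are made up for this example).
SAMPLE = """<md:EntityDescriptor entityID="https://sp.example.org/shibboleth"
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui"
    xmlns:x="urn:example:vendor-ext" xmlns:y="urn:example:attr-ext">
  <md:Extensions><mdui:UIInfo/><x:Tracking y:level="1"/></md:Extensions>
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(off_whitelist(SAMPLE))
```

When running a check like this over an aggregate received from outside, parse it with a hardened XML parser (for example the `defusedxml` package) rather than the standard-library parser used here on constructed input.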
InCommon Operations refreshes the export aggregate daily, in conjunction with the daily metadata-signing process.
InCommon Operations reserves the right to prevent any entity from being exported.
The following export rules have been implemented:
mdrpi:RegistrationInfo[@registrationAuthority='https://incommon.org']
http://id.incommon.org/category/research-and-scholarship
AssertionConsumerService
endpoint that supports the HTTP-POST binding will not be exported.
SingleSignOnService
endpoint that supports the HTTP-Redirect binding will not be exported.

Namespace | Prefix |
---|---|
http://id.incommon.org/metadata | icmd |
http://refeds.org/metadata | remd |
http://www.w3.org/2000/09/xmldsig# | ds |
http://www.w3.org/2001/XMLSchema-instance | xsi |
http://www.w3.org/XML/1998/namespace | xml |
urn:mace:shibboleth:metadata:1.0 | shibmd |
urn:oasis:names:tc:SAML:2.0:assertion | saml |
urn:oasis:names:tc:SAML:2.0:metadata | md |
urn:oasis:names:tc:SAML:metadata:attribute | mdattr |
urn:oasis:names:tc:SAML:metadata:rpi | mdrpi |
urn:oasis:names:tc:SAML:metadata:ui | mdui |
urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol | idpdisc |