Global metadata is imported directly into the main production aggregate.
For the v9 deployment of the metadata aggregator (released 2019-03-20), the following import rules will be implemented (in order):
- mdrpi:RegistrationInfo[@registrationAuthority='https://incommon.org']
- <mdui:Logo> elements (not entities) with a URL that is not HTTPS-protected
- mdui:UIInfo elements) within AttributeAuthority roles.
- http://”, “https://”, “urn:mace”
- <shibmd:Scope> element
- <shibmd:Scope>
- regexp="false" scope values must:
  - .com or .edu listed in the public suffix list
- regexp="true" scope values must:
  - \.'),
  - example", "edu") separated by encoded dots ('\.'),
  - .com or .edu listed in the public suffix list
  - $' anchor
- EntityAttributes elements.
- RequestedAttributes elements

A number of additional rules are applied to ensure metadata correctness. Some common minor errors are corrected, but entities failing checks such as XML schema validity are removed.
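The <shibmd:Scope> constraints that survive in the list above can be checked mechanically. The Python sketch below is an added example, not InCommon's aggregator code: a regexp="false" scope must end with a public suffix, and a regexp="true" scope must end with the '$' anchor and a literal tail of labels joined by encoded dots ('\.') that itself ends with a public suffix. The small suffix set, the two-label minimum and the function names are assumptions made for the example.

```python
import re

# Constructed stand-in for the public suffix list (assumption); use the full list in practice.
PUBLIC_SUFFIXES = {"com", "edu", "org", "ac.uk"}

LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
# Literal tail of a regexp scope: two or more labels joined by encoded dots ('\.'),
# starting at a label boundary and running to the optional '$' at the end.
LITERAL_TAIL = re.compile(
    rf"(?:\A\^?|(?<=\\\.))((?:{LABEL}\\\.)+{LABEL})\$?\Z", re.IGNORECASE)


def ends_with_public_suffix(domain):
    """True if domain is a name under a listed suffix, not the bare suffix itself."""
    labels = domain.lower().split(".")
    return any(".".join(labels[i:]) in PUBLIC_SUFFIXES for i in range(1, len(labels)))


def check_scope(value, regexp=False):
    """Return the problems found in one <shibmd:Scope> value; an empty list means accepted."""
    if not regexp:
        return [] if ends_with_public_suffix(value) else ["does not end with a public suffix"]
    problems = []
    if not value.endswith("$"):
        problems.append("missing '$' anchor")
    tail = LITERAL_TAIL.search(value)
    if tail is None:
        # e.g. '^.+\.edu$' would claim every name under a whole public suffix
        problems.append("no literal tail of at least two labels")
    elif not ends_with_public_suffix(tail.group(1).replace("\\.", ".")):
        problems.append("literal tail does not end with a public suffix")
    return problems


if __name__ == "__main__":
    samples = [("example.edu", False), (r"^.+\.example\.edu$", True),
               (r"^.+\.edu$", True), (r"^.+\.example\.edu", True)]  # constructed values
    for value, is_regexp in samples:
        print(value, check_scope(value, is_regexp) or "accepted")
```

The tail must start at a label boundary (the start of the pattern or just after an encoded dot), so a character class followed by a suffix, such as '\d\.edu$', is not mistaken for a literal domain.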
Log all of the following:
View the published import filter logs
Name | Value |
---|---|
http://macedir.org/entity-category | http://id.incommon.org/category/registered-by-incommon |
http://macedir.org/entity-category | http://id.incommon.org/category/research-and-scholarship |
http://macedir.org/entity-category-support | http://id.incommon.org/category/research-and-scholarship |
urn:oasis:names:tc:SAML:attribute:assurance-certification | http://id.incommon.org/assurance/bronze |
urn:oasis:names:tc:SAML:attribute:assurance-certification | http://id.incommon.org/assurance/silver |

Namespace | Prefix |
---|---|
urn:oasis:names:tc:SAML:metadata:algsupport | alg |
http://www.w3.org/2000/09/xmldsig# | ds |
urn:oasis:names:tc:SAML:2.0:profiles:holder-of-key:SSO:browser | hoksso |
http://id.incommon.org/metadata | icmd |
urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol | idpdisc |
urn:oasis:names:tc:SAML:profiles:SSO:request-init | init |
urn:oasis:names:tc:SAML:2.0:metadata | md |
urn:oasis:names:tc:SAML:metadata:attribute | mdattr |
urn:oasis:names:tc:SAML:metadata:rpi | mdrpi |
urn:oasis:names:tc:SAML:metadata:ui | mdui |
http://refeds.org/metadata | remd |
urn:oasis:names:tc:SAML:2.0:assertion | saml |
urn:mace:shibboleth:metadata:1.0 | shibmd |
http://www.w3.org/2001/04/xmlenc# | xenc |
http://www.w3.org/XML/1998/namespace | xml |
http://www.w3.org/2001/XMLSchema-instance | xsi |

Basic Metadata Export Policy

InCommon Operations refreshes the export aggregate daily, in conjunction with the daily metadata-signing process.
InCommon Operations reserves the right to prevent any entity from being exported.
The following export rules have been implemented:
- mdrpi:RegistrationInfo[@registrationAuthority='https://incommon.org']
- http://id.incommon.org/category/research-and-scholarship
- AssertionConsumerService endpoint that supports the HTTP-POST binding will not be exported.
- SingleSignOnService endpoint that supports the HTTP-Redirect binding will not be exported.

Namespace | Prefix |
---|---|
http://id.incommon.org/metadata | icmd |
http://refeds.org/metadata | remd |
http://www.w3.org/2000/09/xmldsig# | ds |
http://www.w3.org/2001/XMLSchema-instance | xsi |
http://www.w3.org/XML/1998/namespace | xml |
urn:mace:shibboleth:metadata:1.0 | shibmd |
urn:oasis:names:tc:SAML:2.0:assertion | saml |
urn:oasis:names:tc:SAML:2.0:metadata | md |
urn:oasis:names:tc:SAML:metadata:attribute | mdattr |
urn:oasis:names:tc:SAML:metadata:rpi | mdrpi |
urn:oasis:names:tc:SAML:metadata:ui | mdui |
urn:oasis:names:tc:SAML:profiles:SSO:idp-discovery-protocol | idpdisc |