


Metadata Registration and Publication Info

The SAML V2.0 Metadata Extensions for Registration and Publication Information is a specification for a set of extension elements to SAML metadata. These elements are particularly important for the purposes of interfederation. In particular, every entity descriptor exported to eduGAIN must include the globally unique identifier of the registrar that registered that entity descriptor.

Registration Info

Since metadata registrars rely on a wide variety of operating practices, we expect some metadata consumers to care who the registrar is, at least in the short term. To accommodate this potential need, the globally unique identifier for the InCommon registrar is included in every entity descriptor registered by InCommon:

The RegistrationInfo Element
<md:Extensions
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
</md:Extensions>

According to the MD-RPI specification, the above extension element (and therefore the registrar's ID) may be inserted either at the aggregate level or the entity level. To accommodate per-entity metadata, the <mdrpi:RegistrationInfo> element is inserted at the entity level.

By definition, the <mdrpi:RegistrationInfo> element has an optional <mdrpi:RegistrationPolicy> child element, but the latter is not included in metadata registered by InCommon.

Every entity descriptor tagged with registrar ID "https://incommon.org" is implicitly associated with the default InCommon Metadata Registration Practice Statement.

Registered By InCommon Category

As suggested earlier, the registrar ID in entity metadata may be used to formulate an IdP’s attribute release policy. Since software support for the <mdrpi:RegistrationInfo> element is spotty at best, the Registered By InCommon Category was created.

The registered-by-incommon entity attribute has identical semantics to the <mdrpi:RegistrationInfo> element shown above.

Publication Info

The MD-RPI specification also defines an <mdrpi:PublicationInfo> element with the following three XML attributes:

  1. publisher (required)

  2. creationInstant

  3. publicationId

The last of these (publicationId) is omitted from InCommon metadata, but the other two are a welcome addition:

The PublicationInfo Element
<md:Extensions
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <mdrpi:PublicationInfo
      publisher="https://incommon.org"
      creationInstant="2015-02-04T10:00:00Z"/>
</md:Extensions>

Unlike the <mdrpi:RegistrationInfo> element, the <mdrpi:PublicationInfo> element is intended to be used exclusively on the root element of the metadata, which implies that it should appear at the aggregate level, not the entity level.
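A metadata consumer can read both elements with a few lines of code. The following is an added example, not InCommon's own tooling: the function names are hypothetical, the sample aggregate and its entity IDs are constructed, and it assumes a flat aggregate whose XML signature has already been verified.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi"}

# Constructed sample aggregate, trimmed to the parts this check reads.
# Assumption: the XML signature was verified before this text is parsed.
SAMPLE = """\
<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdrpi="urn:oasis:names:tc:SAML:metadata:rpi">
  <md:Extensions>
    <mdrpi:PublicationInfo publisher="https://incommon.org" creationInstant="2015-02-04T10:00:00Z"/>
  </md:Extensions>
  <md:EntityDescriptor entityID="https://sp.example.edu/shibboleth">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://incommon.org"/>
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/saml">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://registrar.example.org"/>
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.net/saml"/>
</md:EntitiesDescriptor>
"""

def _ext_attr(elem, child, attr):
    """Read attr from an MD-RPI child of elem's own md:Extensions, else None."""
    node = elem.find(f"md:Extensions/mdrpi:{child}", NS)
    return node.get(attr) if node is not None else None

def registrars(xml_text):
    """Map entityID -> registrationAuthority (None if the entity is untagged)."""
    root = ET.fromstring(xml_text)
    # MD-RPI also allows the element at the aggregate level; use it as a fallback.
    inherited = _ext_attr(root, "RegistrationInfo", "registrationAuthority")
    return {e.get("entityID"):
            _ext_attr(e, "RegistrationInfo", "registrationAuthority") or inherited
            for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")}

def publication_info(xml_text):
    """Return (publisher, creationInstant) read from the root element only."""
    root = ET.fromstring(xml_text)
    return tuple(_ext_attr(root, "PublicationInfo", a) for a in ("publisher", "creationInstant"))

def registered_by(xml_text, authority="https://incommon.org"):
    """entityIDs whose registrar equals authority; untagged entities never match."""
    return sorted(eid for eid, ra in registrars(xml_text).items() if ra == authority)
```

An entity with no registrar at either level maps to None and is excluded by registered_by, so a policy built on this check fails closed for untagged entities.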

 
