Response Time and Hours of Operation
InCommon metadata is the basis for trust within the InCommon Federation. In a very real sense, SAML metadata powers the federation. Without metadata, trusted operations within the Federation would grind to a halt.
Put another way, SAML metadata represents the trust backbone of the InCommon Federation. Within the federation, trust is based on what effectively is a SAML-based PKI (as opposed to a more traditional X.509 Certificate-based PKI) built on top of trusted SAML metadata.
Federation participants trust InCommon to vet the metadata content submitted by other participants. In turn, InCommon vouches for the integrity of the metadata it makes available to participants. This implicit trust agreement underlies and strengthens the security of the SAML protocol exchanges used throughout the Federation.
The InCommon Federation metadata is published in the following location:
We strongly recommend that you refresh your metadata daily to ensure that you have the most up-to-date keys and other registered information. Failure to do so will cause operational errors of various kinds and risk exposure to revoked participant keys in the event of a reported compromise. The InCommon wiki outlines the technical details associated with metadata consumption, inlcuding signature verification.
InCommon publishes a diff of consecutive metadata files every time we publish a new metadata document. The diff is sent to an e-mail list for convenience. To subscribe to the e-mail list, send a message to email@example.com with the subject line: sub metadata-diff.
Participants submit their metadata to InCommon through an administrative web interface (site admin login required). Metadata submissions are usually processed within one (1) business day. Typically, submissions are reviewed Monday through Friday, at approximately 2:30 pm Eastern Time, and published at approximately 3:00 pm Eastern Time, although exact times may vary. This schedule is subject to our normal hours of operation.