Internet2

InCommon is operated by Internet2
InCommon

About            Participants            Join InCommon

Federation

Join InCommon

Federation Manager Login

Supporting Collaboration

Resources for Site Admins

Password Reset

Changing Exec/Site Admin

Baseline Expectations for Trust in Federation

InCommon Incident Handling and Reports

InCommon Metadata

Official Documents

Assurance

Case Studies

Federation Basics

InCommon Metadata

In a SAML-based federation like InCommon, metadata allows Service Providers and Identity Providers to communicate with each other safely and securely. In other words, metadata is the basis for trust and interoperability within the InCommon Federation.

Metadata Production

InCommon reviews metadata submissions Monday through Friday at approximately 2:30 pm Eastern time, then publishes the updated metadata file at approximately 3:00 pm Eastern time (exact times may vary). This schedule is subject to our normal hours of operation and holidays.

The InCommon Federation publishes four different metadata aggregates. Multiple aggregates allow changes to metadata to be deployed more quickly, easily, and safely. Metadata consumers choose exactly one of the three aggregates depending on the immediate requirements of their deployment.

Metadata Administration

Details for site administrators responsible for creating and maintaining metadata are available on the InCommon wiki, including information about IdP and SP metadata elements and the InCommon extension schema.

Metadata Distribution

It is strongly recommended that each deployment in the InCommon Federation refresh and verify metadata at least daily. Regular metadata refresh helps maintain the security and interoperability of your deployment and the deployments of others.

Participants are strongly encouraged to use metadata client software that properly handles metadata. When configured correctly, client software will validate the expiration date and verify the XML signature on downloaded metadata.

Metadata Registration

Participants submit their metadata to InCommon via a web interface called the Federation Manager. Metadata submissions are usually processed within one (1) business day but may take longer depending on the nature of the submission.

Submitted metadata is vetted and approved by the InCommon Registration Authority (RA). Since the security of the SAML protocol depends on the proper use of metadata, the RA checks the correctness and integrity of all submitted metadata.

More Information

Questions? Subscribe to the metadata-support@incommon.org mailing list: https://lists.incommon.org/sympa/info/metadata-support

Copyright 2004-2018 InCommon LLC. All rights reserved. admin@incommon.org. InCommon is operated by Internet2.