Metadata: basis for trust and interoperability
In a SAML-based federation like InCommon, metadata allows Service Providers and Identity Providers to communicate with each other safely and securely. In other words, metadata is the basis for trust and interoperability within the InCommon Federation.
About the InCommon metadata
InCommon reviews metadata submissions Monday through Friday at approximately 2:30 p.m. Eastern time, then publishes the updated metadata file at approximately 3:00 p.m. Eastern time (exact times may vary). This schedule is subject to our normal hours of operation and holidays.
The InCommon Federation publishes four different metadata aggregates. Multiple aggregates allow changes to metadata to be deployed more quickly, easily, and safely. Metadata consumers choose exactly one of the three aggregates depending on the immediate requirements of their deployment.
Using the InCommon metadata
Download and refresh metadata daily – Retrieving metadata frequently ensures your service has the latest security key and service location information from fellow integration entities, which helps ensure security and interoperability.
Use the right metadata client software – When consuming the InCommon metadata, we strongly encourage using software designed to properly handle Federation-validated SAML metadata. When configured correctly, such client software validates the expiration date and verifies the XML signature on downloaded metadata.
To learn more, see the Consume InCommon Metadata topic in the InCommon Federation Library wiki.
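The expiration check that such client software performs, sketched in Python as an added example (not InCommon's code and not part of the original page). It covers only the validUntil half: XML signature verification against the federation's signing certificate needs an XML-signature library and must pass before the contents are trusted. The 14-day maximum validity window, the function names and the sample document are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
ROOT_TAGS = {f"{{{MD_NS}}}EntitiesDescriptor", f"{{{MD_NS}}}EntityDescriptor"}

# Constructed sample aggregate (not real InCommon metadata).
SAMPLE = b"""<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    validUntil="2030-01-15T19:00:00Z">
  <md:EntityDescriptor entityID="https://idp.example.org/idp"/>
  <md:EntityDescriptor entityID="https://sp.example.org/sp"/>
</md:EntitiesDescriptor>"""

class MetadataRejected(Exception):
    """The document must not be loaded as trusted metadata."""

def parse_valid_until(value):
    # SAML timestamps are xs:dateTime in UTC; normalise the "Z" designator
    # so that datetime.fromisoformat() also accepts it on older Pythons.
    ts = datetime.fromisoformat(value.strip().replace("Z", "+00:00"))
    return ts if ts.tzinfo else ts.replace(tzinfo=timezone.utc)

def check_valid_until(xml_bytes, now, max_validity=timedelta(days=14)):
    """Return (valid_until, entity_count) or raise MetadataRejected."""
    root = ET.fromstring(xml_bytes)
    if root.tag not in ROOT_TAGS:
        raise MetadataRejected("root element is not SAML metadata")
    raw = root.get("validUntil")
    if raw is None:
        # Without an expiry, an old signed copy could be replayed forever.
        raise MetadataRejected("no validUntil on root element")
    try:
        valid_until = parse_valid_until(raw)
    except ValueError as exc:
        raise MetadataRejected("unparseable validUntil") from exc
    if valid_until <= now:
        raise MetadataRejected("metadata has expired")
    if valid_until - now > max_validity:
        # An expiry far in the future defeats the purpose of frequent refresh.
        raise MetadataRejected("validity window longer than allowed")
    entities = sum(1 for _ in root.iter(f"{{{MD_NS}}}EntityDescriptor"))
    return valid_until, entities

if __name__ == "__main__":
    print(check_valid_until(SAMPLE, datetime(2030, 1, 10, tzinfo=timezone.utc)))
```

On rejection, a consumer would keep using its last good copy until that copy's own validUntil passes, rather than loading the rejected document.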
Managing your metadata
An InCommon Participant manages its InCommon-registered entity metadata via designated Site Administrators. Using a web tool called Federation Manager, the Site Administrator is responsible for creating and maintaining the organization’s metadata registered with the InCommon Federation.
See the Federation Manager User Guide to learn more about how to manage your organization’s InCommon-registered metadata.
Metadata submissions are usually processed within one (1) business day, depending on the nature of the submission.
The submitted metadata is vetted and approved by the InCommon Registration Authority (RA). The RA checks the correctness and integrity of all submitted metadata to ensure the security of the SAML protocol.
Questions? Subscribe to the firstname.lastname@example.org mailing list: https://lists.incommon.org/sympa/info/metadata-support