InCommon Metadata

Certificates in Metadata

We will transition the entire federation to self-signed certificates with 2048-bit keys by the end of 2012. Visit our wiki for more information about X.509 Certificates in Metadata.

Response Time and Hours of Operation

InCommon metadata is the basis for trust within the InCommon Federation. In a very real sense, SAML metadata powers the federation. Without metadata, trusted operations within the Federation would grind to a halt.

Put another way, SAML metadata represents the trust backbone of the InCommon Federation. Within the federation, trust is based on what is effectively a SAML-based PKI (as opposed to a more traditional X.509 certificate-based PKI) built on top of trusted SAML metadata.

Federation participants trust InCommon to vet the metadata content submitted by other participants. In turn, InCommon vouches for the integrity of the metadata it makes available to participants. This implicit trust agreement underlies and strengthens the security of the SAML protocol exchanges used throughout the Federation.

Metadata Distribution

The InCommon Federation metadata is published in the following location:
http://wayf.incommonfederation.org/InCommon/InCommon-metadata.xml

We strongly recommend that you refresh your metadata daily to ensure that you have the most up-to-date keys and other registered information. Failure to do so will cause operational errors of various kinds and risk exposure to revoked participant keys in the event of a reported compromise. The InCommon wiki outlines the technical details associated with metadata consumption.

InCommon publishes a diff of consecutive metadata files every time we publish a new metadata document. The diff is sent to an e-mail list for convenience. To subscribe to the e-mail list, send a message to sympa@incommon.org with the subject line: sub metadata-diff.
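A relying party can run the same kind of comparison locally after each daily refresh to see which participant keys disappeared or were replaced. The following is an added example, not InCommon's own tooling: it assumes the standard SAML metadata and XML Signature namespaces and that keys sit in md:KeyDescriptor elements, and the entityIDs and certificate bytes are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"
CERTS = ".//{%s}KeyDescriptor//{%s}X509Certificate" % (MD, DS)

def fingerprint(der):
    return hashlib.sha256(der).hexdigest()  # SHA-256 over the DER bytes

def entity_keys(metadata_xml):
    """Map each entityID to the fingerprints of the certificates it carries."""
    keys = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % MD):
        keys[entity.get("entityID")] = {
            fingerprint(base64.b64decode("".join((c.text or "").split())))
            for c in entity.iterfind(CERTS)}
    return keys

def diff_snapshots(old_xml, new_xml):
    """Report entities and keys that appeared or disappeared between two refreshes."""
    old, new = entity_keys(old_xml), entity_keys(new_xml)
    common = old.keys() & new.keys()
    return {
        "removed_entities": sorted(old.keys() - new.keys()),
        "added_entities": sorted(new.keys() - old.keys()),
        # A key that vanished may have been revoked; a stale copy would still trust it.
        "keys_removed": {e: sorted(old[e] - new[e]) for e in common if old[e] - new[e]},
        "keys_added": {e: sorted(new[e] - old[e]) for e in common if new[e] - old[e]},
    }

def make_snapshot(entities):
    """Build a constructed, trimmed metadata document; placeholder bytes stand in for certs."""
    cert = "<md:KeyDescriptor><ds:X509Certificate>%s</ds:X509Certificate></md:KeyDescriptor>"
    body = "".join(
        '<md:EntityDescriptor entityID="%s">%s</md:EntityDescriptor>'
        % (eid, "".join(cert % base64.b64encode(d).decode() for d in ders))
        for eid, ders in entities.items())
    return ('<md:EntitiesDescriptor xmlns:md="%s" xmlns:ds="%s">%s</md:EntitiesDescriptor>'
            % (MD, DS, body))

OLD_SNAPSHOT = make_snapshot({
    "https://sp.example.edu/shibboleth": [b"constructed-cert-A"],
    "https://idp.example.edu/idp": [b"constructed-cert-B"],
    "https://gone.example.org/sp": [b"constructed-cert-C"]})
NEW_SNAPSHOT = make_snapshot({
    "https://sp.example.edu/shibboleth": [b"constructed-cert-A", b"constructed-cert-A2"],
    "https://idp.example.edu/idp": [b"constructed-cert-D"],
    "https://new.example.org/sp": [b"constructed-cert-E"]})
```

Call diff_snapshots(OLD_SNAPSHOT, NEW_SNAPSHOT) to see the report. The function only compares two copies that have already been downloaded; it does not verify the signature on the metadata.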

Metadata Administration

Participants submit their metadata to InCommon through an administrative web interface (site admin login required). Metadata submissions are usually processed within one (1) business day. Typically, submissions are reviewed Monday through Friday, at approximately 2:30 pm Eastern Time, and published at approximately 3:00 pm Eastern Time, although exact times may vary. This schedule is subject to our normal hours of operation.

For More Information

https://spaces.internet2.edu/display/InCCollaborate/Metadata+Consumption
https://spaces.internet2.edu/display/InCCollaborate/Metadata+Administration
https://wiki.shibboleth.net/confluence/display/SHIB2/TrustManagement
https://wiki.shibboleth.net/confluence/display/SHIB2/Metadata