Internet2

Exploring the World of Metadata

Apr 15, 2016, by Nicholas Roy
Tags: Identity Management, InCommon

Global Interfederation has enabled a world of new opportunities and relationships in the trust fabric. As a result of this expanded landscape, some new questions are likely to be asked. How many Identity Providers are there in eduGAIN? Which federation has the most Service Providers? What is the most widely-published Service Provider across all research and education federations? From which federation does this Service Provider originate?

These and many other questions can be answered using a number of metadata exploration tools that are now available to the InCommon community via its partnerships with REFEDS (Research and Education Federations) and eduGAIN. In order to help members and operators of research and education federations, REFEDS built the Metadata Explorer Tool (MET). This service is available at: https://met.refeds.org/

The MET application shows general statistics about the different types of SAML metadata entities published in each of the known R&E federations. Available information includes:

  • Summary of federations
  • Summary of interfederations
  • Search for SAML entities
  • Details on each entity published, including what federations it’s published in, human-readable versions of each entity’s SAML UI data elements, etc.

MET is a great tool that can help you understand global metadata, including IdPs and SPs that may not be published in eduGAIN. That can help you to look for interesting services you may want to ask to have published in eduGAIN, and it might also help you understand how your own SAML entities (if you’re an InCommon Site Admin or Delegated Admin) are being republished.

In addition to MET, the GÉANT eduGAIN ops team has published a couple of tools that can help you find and understand SAML entities that are published in eduGAIN, at a higher level of detail. The first of these is the eduGAIN entities database: https://technical.edugain.org/entities. This tool lets you look for entities published in eduGAIN from any or all of the federations that are members of eduGAIN. It gives an up-to-date view of the number and types of entities published by eduGAIN, and lets you search on details such as federation of origin, entity category, support for SAML 2.0, etc.

One very interesting feature of this application is that it shows "entity clashes": SAML entity descriptors that originate in more than one federation and are published to eduGAIN from more than one federation. It will show which entity descriptor, of all available, was chosen for inclusion in the eduGAIN metadata. That can help you understand potential problems, such as metadata elements that you think should be available in an entity descriptor imported from eduGAIN but that are missing. While we’re talking about that, you should know that any entity that is published in InCommon will always take precedence; that is, if an entity is published in InCommon and eduGAIN, InCommon will always publish the InCommon version of the entity descriptor.
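The same kinds of questions can be asked of a metadata aggregate directly. The sketch below is an added example, not code from MET or the eduGAIN tools: it counts IdPs and SPs per registration authority, reports entity clashes, and lets the local federation's copy take precedence as described above for InCommon. All entityIDs and registration authorities are constructed sample values, and the first-seen fallback for clashes that do not involve the local federation is an assumption, since the article does not describe that selection rule.

```python
import xml.etree.ElementTree as ET
from collections import Counter, defaultdict

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi"}
ROLES = {"IDPSSODescriptor": "IdP", "SPSSODescriptor": "SP"}
LOCAL = "https://local-fed.example"  # constructed stand-in for the local federation

def entity(entity_id, authority, role):
    """Build one constructed EntityDescriptor (sample data, not real metadata)."""
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>'
            f'<mdrpi:RegistrationInfo registrationAuthority="{authority}"/>'
            f'</md:Extensions><md:{role} protocolSupportEnumeration='
            f'"urn:oasis:names:tc:SAML:2.0:protocol"/></md:EntityDescriptor>')

def aggregate(*entities):
    return (f'<md:EntitiesDescriptor xmlns:md="{NS["md"]}" '
            f'xmlns:mdrpi="{NS["mdrpi"]}">{"".join(entities)}</md:EntitiesDescriptor>')

def parse(xml_text):
    """Yield (entityID, registrationAuthority, roles) for each entity."""
    # Real aggregates are untrusted input: verify the XML signature before parsing.
    for ed in ET.fromstring(xml_text).iter(f"{{{NS['md']}}}EntityDescriptor"):
        ri = ed.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        authority = ri.get("registrationAuthority") if ri is not None else "unknown"
        roles = [n for tag, n in ROLES.items() if ed.find(f"md:{tag}", NS) is not None]
        yield ed.get("entityID"), authority, roles

def summarize(aggregates, local=LOCAL):
    """Count IdPs/SPs per registration authority and report entity clashes."""
    copies = defaultdict(list)
    for xml_text in aggregates:
        for entity_id, authority, roles in parse(xml_text):
            copies[entity_id].append((authority, roles))
    counts, clashes, chosen = Counter(), {}, {}
    for entity_id, seen in copies.items():
        authorities = sorted({a for a, _ in seen})
        if len(authorities) > 1:
            clashes[entity_id] = authorities
        # The local federation's copy wins; otherwise first seen (an assumption).
        authority, roles = next((c for c in seen if c[0] == local), seen[0])
        chosen[entity_id] = authority
        counts.update((authority, r) for r in roles)
    return counts, clashes, chosen

FED_B, FED_C = "https://fed-b.example", "https://fed-c.example"  # constructed
LOCAL_AGG = aggregate(entity("https://idp.uni.example/idp", LOCAL, "IDPSSODescriptor"),
                      entity("https://wiki.example/sp", LOCAL, "SPSSODescriptor"))
INTERFED_AGG = aggregate(entity("https://wiki.example/sp", FED_B, "SPSSODescriptor"),
                         entity("https://idp.fed-b.example/idp", FED_B, "IDPSSODescriptor"),
                         entity("https://data.fed-c.example/sp", FED_C, "SPSSODescriptor"))
```

Calling `summarize([INTERFED_AGG, LOCAL_AGG])` returns the per-federation role counts, the clashing entityIDs with every authority that registered them, and the authority whose copy was kept.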

The other tool that eduGAIN provides is the eduGAIN Connectivity Check Service (ECCS): https://technical.edugain.org/eccs/. This application lets you browse and search IdPs that are known to exist in global R&E federations, and highlights potential issues that these IdPs may have in offering service via eduGAIN. For example, they may not be published in eduGAIN, or may have connectivity problems.

We hope you find these tools useful — if you have any feedback or questions, please send a note to nroy@internet2.edu.

One final note: If you find this information useful or interesting, or you are just generally interested in collaborating in the development of federations, we strongly encourage you to join the REFEDS community. It’s open to all, and is somewhat analogous to an international version of the InCommon Participants list. REFEDS is the primary place where the community defines international R&E federation practices, policies, standards, etc. One good example is the global Research and Scholarship (R&S) entity category. You can find out more about participating in REFEDS at: https://refeds.org/