It is important that the member organizations are represented in the organization elements of their metadata. This is fundamental to entity ownership and trust in the federation.

Every member's metadata must include information that identifies the member owning the entity. This means that the member's legal name must be represented in each federation's organization declaration, see the table below. The name must be the same for every entity that a member wants to publish.


 Federation     Attribute         Comment
 SAML           OrganizationName  Legal name for the member organization
 Moa (FedTLS)   organization      Legal name for the member organization
 Moa (FedTLS)   organization-id   Organization number for the member organization


It is not permitted to be organizationally represented by another organization, such as a contractor or another third party. It is, however, both common and permitted to use such organizations for developing and maintaining the organization's federation solutions (e.g. an IdP), as long as the third party has the ability to represent each member individually with (at least) one entity per member. An example of this is a third party operating an IdP solution that can act as multiple virtual/logical IdPs with unique entity IDs, each declaring the member it belongs to.
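The following is an added example (not code from the original page or the federation operator) that checks the requirement in the table and the paragraph above: every SAML entity a member publishes must carry the member's legal name in OrganizationName, and a Moa (FedTLS) entity must carry the legal name and organization number in organization and organization-id. The sample metadata is constructed; the FedTLS record is modelled as a flat JSON object keyed by the attribute names from the table, which is an assumption about layout, not the real FedTLS document format.

```python
import json
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD}

# Constructed sample: two entities published by one member. The second one
# wrongly names the contractor that hosts the service instead of the member.
SAML_SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{MD}">
  <md:EntityDescriptor entityID="https://idp.example-member.se/idp">
    <md:Organization><md:OrganizationName xml:lang="en">Example Member AB</md:OrganizationName></md:Organization>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example-member.se/sp">
    <md:Organization><md:OrganizationName xml:lang="en">Contractor Hosting AB</md:OrganizationName></md:Organization>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

# Constructed FedTLS-style record using the attribute names from the table.
# Hypothetical key layout; the real FedTLS document format is not on this page.
FEDTLS_SAMPLE = '{"entity_id": "https://api.example-member.se", "organization": "Example Member AB", "organization-id": "5560000000"}'


def saml_organization_names(metadata_xml):
    """Map entityID -> OrganizationName (None when the element is missing)."""
    root = ET.fromstring(metadata_xml)
    # Accept either a single EntityDescriptor or an EntitiesDescriptor wrapping many.
    eds = [root] if root.tag == f"{{{MD}}}EntityDescriptor" else root.findall(".//md:EntityDescriptor", NS)
    names = {}
    for ed in eds:
        el = ed.find("md:Organization/md:OrganizationName", NS)
        names[ed.get("entityID")] = el.text.strip() if el is not None and el.text else None
    return names


def check_member_entities(legal_name, org_id, saml_xml, fedtls_json):
    """Return one line per entity whose organization declaration does not identify
    the member; an empty list means ownership is declared consistently."""
    problems = []
    for entity_id, name in saml_organization_names(saml_xml).items():
        if name != legal_name:
            problems.append(f"SAML {entity_id}: OrganizationName {name!r} != {legal_name!r}")
    rec = json.loads(fedtls_json)
    if rec.get("organization") != legal_name:
        problems.append(f"FedTLS {rec.get('entity_id')}: organization {rec.get('organization')!r} != {legal_name!r}")
    if rec.get("organization-id") != org_id:
        problems.append(f"FedTLS {rec.get('entity_id')}: organization-id {rec.get('organization-id')!r} != {org_id!r}")
    return problems


if __name__ == "__main__":
    for line in check_member_entities("Example Member AB", "5560000000", SAML_SAMPLE, FEDTLS_SAMPLE):
        print(line)
```

Run against the sample, the check flags only the SP entity, because the contractor's name in its OrganizationName hides which member owns it.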

Scope

For IdP solutions in SAML metadata, the values of the metadata element Scope need to be associated with the organization. More on Scope here.
