Metadata registration practice statement

Federation Name: Belnet federation
Federation Operator: Belnet, Belgium
Federation Web Page: http://federation.belnet.be
Date of last change: 20120327

Common Practices
----------------

The IdPs are Belnet's customers from the research and education (R&E) community, excluding the administrations and ministries of all levels. The SPs are any company that offers a service or content that fulfills the needs of Belnet's R&E community members, respecting the defined policy.

All IdP and SP administrators connect via HTTPS and authenticate via Belnet Customer's AAI to the Belnet federation's Metadata Manager [1], where the original information gets checked and stored in the Metadata Manager's database. It is later used for generating the Belnet federation's metadata.

In addition, before the federation operator publishes metadata dedicated for interfederation, an institution must first declare that its processes are ready for interfederation. Only then will its IdP and SP administrators be able to declare that their respective entity is also technically ready to participate in interfederation.

Practices on Identity Provider Registration
-------------------------------------------

An IdP registering to the federation needs to be manually approved by a team member of the federation operator. Such approval requires:

- a completed membership service agreement signed by official representative(s) of the newly participating institution;
- elements and attributes to be registered must use a domain name of that institution.

The administrators appointed specifically by that institution would then get access to the Metadata Manager service, where they would upload the metadata of their IdP. After the approval, the federation operator publishes and maintains the federation's metadata.

Subsequent changes to these elements and attributes do not require re-approval by the federation operator.
Only administrators appointed specifically by that institution can modify the IdP-specific information.

For interfederation, the entity must ask the federation operator to publish it for participation in eduGAIN.

Practices on Service Provider Registration
------------------------------------------

Each SP must be manually approved by a team member of the federation operator in order to be registered with the federation. Such approval requires:

- a completed membership service agreement signed by official representative(s) of the newly participating service provider;
- elements and attributes to be registered must use a domain name of that service provider.

The administrators appointed specifically by that SP would then get access to the Metadata Manager service, where they would upload the metadata of their SP. After the approval, the federation operator publishes and maintains the federation's metadata.

Subsequent changes to these elements and attributes do not require re-approval by the federation operator. Only administrators appointed specifically by that SP can modify the SP-specific information.

For interfederation, the entity must ask the federation operator to publish it for participation in eduGAIN.

Practices regarding metadata modifications
------------------------------------------

In the Belnet federation, no metadata gets modified because the federation operator generates it on behalf of all entities acquired through the Metadata Manager service. The source for generating federation metadata is the Metadata Manager database.

The details of a registering entity are entered by each IdP/SP administrator providing the necessary metadata information. A wizard will parse provided entity metadata to check the SAML2 syntax and the required content. The IdP/SP administrator also has to supply non-technical information like descriptions or support contacts.

All technical and non-technical information is stored in a customer database.
This information will be used to generate the access credentials to the Metadata Manager system.

[1] https://federation.belnet.be/re/md-mgmt/