This is an older version of the document!
Date of last change: 2012-01-30
An organisation becomes a member of the federation by registering an administrative contact: one or more persons who represent the organisation in its communication with the operator of the eduID.cz federation. The administrative contacts are responsible for metadata registration.
To register an administrative contact, it is necessary to fill in an appointment form, have it signed and stamped by the statutory body of the organisation, and send the signed original by mail to the federation operator.
The administrative contact can appoint technical contacts within the organisation. The technical contacts are responsible for the technical implementation and are allowed to register metadata as well.
An organisation becomes a part of the federation when the respective administrative contact publishes its metadata and the operator of the federation verifies it and includes it in the federation metadata.
The federation adopts the opt-in model for participating in eduGAIN. An entity must explicitly agree to be connected to eduGAIN before its metadata are included in the metadata exposed to the eduGAIN interfederation.
Only academic organisations within the Czech Republic are allowed to operate identity providers in eduID.cz.
Identity provider metadata are submitted by responsible contacts (administrative or technical) via email with a valid S/MIME signature. The certificate used for the S/MIME signature must be issued to the person appointed as a contact. It must be issued by a CA accepted by eduID.cz and must contain the registered email of the contact.
Service provider metadata are submitted by responsible contacts (administrative or technical) via email with a valid S/MIME signature. The certificate used for the S/MIME signature must be issued to the person appointed as a contact. It must be issued by a CA accepted by eduID.cz and must contain the registered email of the contact.
An alternative way of secure metadata registration exists for cases where signed emails cannot be used. The metadata are sent by email and, at the same time, a metadata waybill containing the contact's signature and the SHA1 hash of the metadata file needs to be sent by fax or mail. The metadata are then verified against the SHA1 hash, and the contact's signature is checked against the respective signature on the appointment form.
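The hash comparison in the waybill procedure, as an added example that is not eduID.cz's own tooling. It assumes the waybill hash is typed in from paper (so it may carry spaces, colons or upper case) and that the metadata arrived as an email attachment; the function names and the sample metadata are constructed for illustration.

```python
import hashlib
import hmac
import re


def normalize_waybill_hash(text: str) -> str:
    """Strip separators people add when writing a hash on paper, then validate."""
    digest = re.sub(r"[\s:.\-]", "", text).lower()
    if not re.fullmatch(r"[0-9a-f]{40}", digest):
        raise ValueError("waybill value is not a 40-digit SHA-1 hex string")
    return digest


def sha1_hex(data: bytes) -> str:
    # SHA-1 is used because the waybill procedure on this page specifies it.
    return hashlib.sha1(data).hexdigest()


def check_metadata(metadata: bytes, waybill_text: str) -> str:
    """Return 'match', 'line-endings' or 'mismatch' for the received file.

    Only 'match' means the received bytes are the ones the contact hashed.
    'line-endings' is a diagnostic: the content differs only in CRLF/LF,
    which mail transport can rewrite, so the file should be re-sent intact.
    """
    expected = normalize_waybill_hash(waybill_text)
    if hmac.compare_digest(sha1_hex(metadata), expected):
        return "match"
    unix = metadata.replace(b"\r\n", b"\n")
    dos = unix.replace(b"\n", b"\r\n")
    for variant in (unix, dos):
        if hmac.compare_digest(sha1_hex(variant), expected):
            return "line-endings"
    return "mismatch"


# Constructed sample metadata (not a real federation entity).
SAMPLE = (
    b'<EntityDescriptor entityID="https://idp.example.org/idp/shibboleth">\n'
    b"</EntityDescriptor>\n"
)

if __name__ == "__main__":
    h = sha1_hex(SAMPLE).upper()
    waybill = " ".join(h[i:i + 4] for i in range(0, 40, 4))  # as written on paper
    print(check_metadata(SAMPLE, waybill))
    print(check_metadata(SAMPLE.replace(b"\n", b"\r\n"), waybill))
    print(check_metadata(SAMPLE + b"<!-- altered -->", waybill))
```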
CESNET, z. s. p. o.
Generála Píky 26
16000 Praha 6
info@cesnet.cz
Tel: +420 234 680 222
GSM: +420 602 252 531
support@cesnet.cz