Metadata Registration Practice Statement

  • Federation name: eduID.cz
  • Federation operator: CESNET, z. s. p. o.
  • Federation web page: http://www.eduid.cz/

Date of last change: 2012-01-30

Common Practices

An organisation becomes a member of the federation by registering one or more administrative contacts: persons who represent the organisation in its communication with the operator of the eduID.cz federation. The administrative contacts are responsible for metadata registration.

To register an administrative contact, it is necessary to fill in an appointment form, have it signed and stamped by the statutory body of the organisation, and send the signed original by mail to the federation operator.

The administrative contact can appoint technical contacts within the organisation. The technical contacts are responsible for the technical implementation and are allowed to register metadata as well.

An organisation becomes a part of the federation when the respective administrative contact publishes its metadata and the operator of the federation verifies it and includes it in the federation metadata.

The federation adopts the opt-in model for participating in eduGAIN. An entity must explicitly agree to be connected to eduGAIN before its metadata are included in the metadata exposed to the eduGAIN interfederation.

Practices on Identity Provider Registration

Only academic organisations within the Czech Republic are allowed to operate identity providers in eduID.cz.

Identity provider metadata are submitted by responsible contacts (administrative or technical) via email with a valid S/MIME signature. The certificate used for the S/MIME signature must be issued to the person appointed as a contact. It must be issued by a CA accepted by eduID.cz and must contain the registered email of the contact.

Practices on Service Provider Registration

Service provider metadata are submitted by responsible contacts (administrative or technical) via email with a valid S/MIME signature. The certificate used for the S/MIME signature must be issued to the person appointed as a contact. It must be issued by a CA accepted by eduID.cz and must contain the registered email of the contact.

An alternative way of secure metadata registration exists if it is not possible to use signed emails. The metadata are sent by email and, at the same time, a metadata waybill containing the contact's signature and the SHA1 hash of the metadata file needs to be sent by fax or mail. The metadata are then verified against the SHA1 hash, and the contact's signature is checked against the respective signature on the appointment form.
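
The hash comparison in the waybill procedure above, as an added Python example (it is not part of the eduID.cz statement or the operator's tooling). The function names, the accepted separator characters, the result labels and the sample metadata are assumptions made for illustration.

```python
import hashlib
import hmac
import re

HEX40 = re.compile(r"[0-9a-f]{40}")


def normalize_waybill_hash(text):
    """Turn a hash typed from a paper waybill ('AB12 CD34 ...', 'ab:12:...')
    into 40 lowercase hex digits, or raise if it cannot be a SHA1 value."""
    digest = re.sub(r"[\s:.\-]", "", text).lower()
    if not HEX40.fullmatch(digest):
        raise ValueError("waybill value is not a 40-digit SHA1 hash")
    return digest


def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()


def check_metadata(metadata, waybill_text):
    """Compare the emailed metadata bytes with the hash on the waybill.

    Returns 'match', 'line-endings-changed' or 'mismatch'. Only 'match'
    means the received file is byte-for-byte the file the contact hashed.
    """
    expected = normalize_waybill_hash(waybill_text)
    if hmac.compare_digest(sha1_hex(metadata), expected):
        return "match"
    # Diagnostic only (assumption): mail transport can rewrite LF <-> CRLF,
    # which changes the hash. Reporting it tells the operator to ask for the
    # file again as a binary attachment instead of treating it as tampering.
    lf = metadata.replace(b"\r\n", b"\n")
    crlf = lf.replace(b"\n", b"\r\n")
    for variant in (lf, crlf):
        if hmac.compare_digest(sha1_hex(variant), expected):
            return "line-endings-changed"
    return "mismatch"


# Constructed sample input, not real federation metadata.
SAMPLE_METADATA = (
    b'<EntityDescriptor entityID="https://sp.example.org/shibboleth">\n'
    b"</EntityDescriptor>\n"
)

if __name__ == "__main__":
    waybill = sha1_hex(SAMPLE_METADATA).upper()
    print(check_metadata(SAMPLE_METADATA, waybill))
```
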

Last modified: 2017/02/10 07:02