Question re: SP config to consume metadata

[Cantor, Scott]

On 4/30/14, 1:36 PM, "David Bantz" <dabantz at alaska.edu> wrote:
>
>2) Is this a reasonable approach for a non-InC service provider?  I
>suggested the alternative of joining InC, but the vendor isn¹t interested
>in putting their SP metadata in InC even though they want to use InC to
>get my IdP metadata.

That's just a basic issue of fairness. I've been much more successful
lately pushing back on statements like "not interested". It's worth a try.

That aside, if they choose not to join but still want to consume that
metadata, isn't it their job to ask how?

>The second vendor wants to use a similar SP config, but point the uri to
>instance of my metadata only (not the InC metadata provider).  They
>attempted to set this up with my entityID as the uri, but it¹s a name,
>not a url, so I can¹t see how that could work.  I suppose it could work
>if I agree to maintain an externally readable file of my IdP metadata.

Don't. It's one thing to do that for on-campus systems where you have
control and you might have reasons for wanting to decouple (and for not
relying on a system external to your network), but not for a vendor.

I run my own feed, but not for off-campus consumption.

-- Scott