cs:tech:metadata-profile [eduID.cz]

SAML entities of eduID.cz members provide their metadata conforming to and . In addition, their metadata must fulfill to the requirements specified in this document.

PrefixNamespace URL

the root element must contain the attribute
1. must be defined as a URL with scheme
2. hostname in URL must be a fully qualified domain name (IP address, „localhost“ and other reserved domain names according to RFC are not acceptable)
endpoints
1. must be defined as URLs with the scheme
2. their hostnames must be provided as fully qualified domain names
3. the hostnames must be registered by the organization operating the pertinent Entity
public keys of Entities
1. should be provided as self-signed X.509 certificates (Note: eduID.cz stops publishing an EntityDescriptor as soon as the validity of any of its certificates becomes shorter than 30 days)
2. should be RSA public keys with minimal length of 2048 bites
element
1. Every must contain exactly one element
2. describes organization operating the Entity, not project names, department names - for those use mdui elements
3. must contain element with the official name of the organization operating the Entity in English and in Czech, usage of abreviation is strongly unrecommended
4. must contain element with the commonly recognized name of the organization operating the Entity in English and in Czech, usage of abreviation and legal form is strongly unrecommended
5. must contain element specifying the location with additional information about the organization operating the Entity in English and in Czech
1. every must contain at least one element with „“ containing , and refering to a technical contact person with a working email address
Role Descriptors
1. each , , should contain with containing at least the following elements:
  1. with the display name of the entity in English and in Czech, usage of abreviation and legal form is strongly unrecommended
  2. with the description name of the entity in English and in Czech

1. must contain containing
  - the value of must be unique - preferably the main registered DNS domain of the organization operating the pertinent IdP
2. at least one
  - at least one must be
  - at least one should be , it is strogly advised to support persistent NameIDFormat
3. must contain with containing
  1. with the commonly recognized name of the organization operating the Entity in English and in Czech
    - usage of abreviation is strongly unrecommended
    - usage of legal form is strongly unrecommended
    - if there are any organization units, they should be writen from most significant to less significant (ie. CESNET, Department of Standartization)
  2. with short description of the purpose of IdP in English and in Czech
  3. with URL holding more informations about the IdP in English and in Czech, not about the organization running the IdP
  4. with HTTPS (!) URL holding logo of the organization operating the Entity
    - English and Czech version of the logo is posible if needed
    - there should be at least one version of the logo disignated to operated by eduID.cz with height 40px
  5. entity requesting to be republished into eduGAIN must provide those elements

1. must contain with containing
  1. with the display name of the entity in English and in Czech, ussage of abreviation and legal form is strongly unrecommended
  2. with the description of the entity in English and in Czech
    - this information might be used at an IdP to inform users about purpose of the SP
  3. with URL holding more informations about the SP in English and in Czech, not about the organization running the SP
2. each should contain that lists all attributes requested by this SP as element with „“ for required attributes and „“ for just usefull attributes