When you need to reach out to another Sirtfi compliant entity, how should you grab their security contact info from the entity’s federation metadata? Below are details of a good method for doing so.
Use the REFEDS Metadata Explorer Tool (MET)
The REFEDS organisation collects the complete metadata registered by every R&E federation in the world and provides the MET tool to search it:
Click the Search Entities button on that page to bring up the search interface.
If you have the complete entity ID of the entity you wish to contact in hand, enter it in the “Search entity ID” field and click Submit.
Otherwise, you can choose an Entity Type, usually either IdP or SP, to narrow the result set. You might also choose the Entity Category of “https://refeds.org/sirtfi” if you wish to only attempt to contact a Sirtfi compliant site. Beyond that, use the Organization Name or Organization Display Name fields to narrow the result set. For example, to look up the IdP for a university in Chicago without being certain exactly how it is named, enter just “chicago” in either of those fields. The result list shows the complete entity ID and Organization Display Name of all matching entities.
Click on the entity ID of the one you think you’re looking for. This brings up some details of the entity’s metadata that can help you confirm whether you’ve got the right one. If it is, scroll down to the Contacts area. The security contact, if there is one, will be of type “other”. You can mouse over its displayed name to have your browser show the actual contact.
You can also click on the “view xml” button at the top right and search the displayed metadata for “security”. If you find
remd:contactType="http://refeds.org/metadata/contactType/security
within a ContactPerson element you’ve found the right one. The security contact address is usually given in an associated md:EmailAddress element.