
Introduction

The '''Hide From Discovery''' entity category is a category of Identity Providers that are intended not to be shown on discovery interfaces by default.

Definition

Candidates for the ''Hide From Discovery'' entity category are Identity Providers that are intended not to be shown on discovery interfaces, at least not by default (i.e., without the user or the deployer of the discovery service taking extra steps).

Here are some typical situations where an Identity Provider (IdP) might not appear on a discovery interface:

  • An IdP may not be a production IdP and as such is not ready to be accessed by the general population of end users.
  • An IdP may have a display name similar to another IdP (e.g., "Example University (test)" vs. "Example University") and therefore user experience would be improved if one of the IdPs were not shown on the discovery interface.
  • Access to an IdP might be limited to certain network ranges (e.g., management networks for the Identity Provider's staff) and therefore user experience would suffer if such an entity were selected from outside that network range.
  • An IdP may be experiencing an extended period of technical difficulties, during which time the registrar might choose to tag the IdP with the ''Hide From Discovery'' entity attribute.

Syntax

The following URI is used as the attribute value for the ''Hide From Discovery'' entity attribute:

http://refeds.org/category/hide-from-discovery

Semantics

A member of the ''Hide From Discovery'' entity category is an Identity Provider that is intended not to be shown on discovery interfaces. Deployers of discovery services may choose to hide such an IdP on their discovery interfaces.

Registration Criteria


The source of this attribute value is unspecified. For example, it may be self-asserted by the Identity Provider operator or asserted by the registrar.

Examples


An example of the ''Hide From Discovery'' entity attribute for an Identity Provider:

 <EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://institution.example.com/idp">
   <Extensions xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
     <mdattr:EntityAttributes xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
       <saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
         <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
       </saml:Attribute>
     </mdattr:EntityAttributes>
   </Extensions>
   ...
 </EntityDescriptor>
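
The following Python example is added here for illustration and is not part of the entity category definition or of any discovery service's code. It shows how a discovery service could hide tagged IdPs by default while still letting a deployer opt in to showing them. The sample metadata, the entityIDs and the function names are constructed for the example, and it assumes the metadata signature has already been verified before parsing.

```python
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
NS = {"md": MD, "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
HIDE_FROM_DISCOVERY = "http://refeds.org/category/hide-from-discovery"

# Constructed sample aggregate: one production IdP, one tagged test IdP, one SP.
SAMPLE_METADATA = """\
<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <EntityDescriptor entityID="https://idp.example.org/idp">
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://idp-test.example.org/idp">
    <Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category">
        <saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></Extensions>
    <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
  <EntityDescriptor entityID="https://sp.example.org/sp">
    <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </EntityDescriptor>
</EntitiesDescriptor>"""

def entity_categories(entity):
    """Return the set of entity-category values on one EntityDescriptor."""
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    return {(v.text or "").strip()
            for a in entity.iterfind(path, NS) if a.get("Name") == ENTITY_CATEGORY
            for v in a.iterfind("saml:AttributeValue", NS)}

def discoverable_idps(metadata_xml, include_hidden=False):
    """List entityIDs of IdPs to show; tagged IdPs are hidden unless opted in."""
    # Assumption: metadata_xml comes from a signature-verified metadata feed.
    root = ET.fromstring(metadata_xml)
    shown = []
    for entity in root.iter("{%s}EntityDescriptor" % MD):  # also matches a lone root
        if entity.find("md:IDPSSODescriptor", NS) is None:
            continue  # not an IdP, never listed on a discovery interface
        if not include_hidden and HIDE_FROM_DISCOVERY in entity_categories(entity):
            continue  # member of the Hide From Discovery category
        shown.append(entity.get("entityID"))
    return shown
```

Calling `discoverable_idps(SAMPLE_METADATA)` lists only the untagged IdP; passing `include_hidden=True` models the deployer taking the extra step to show hidden IdPs as well.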

Usage

Security Considerations
