Metadata Registration Practice Statement for Feide

Version 1.0.2, last edited November 5th 2021.

Practices on Identity Provider Registration

Feide operates a single Identity Provider on behalf of educational and research institutions in Norway. The Feide operational team manually maintains the metadata entry for this Identity Provider.

Users of the Feide Identity Provider select which institution to log in through during the login process. Feide operates an opt-in model for institutions, where the institution must explicitly agree to accept eduGAIN connectivity before users are allowed to log in through a given institution for any Service Provider within eduGAIN.

Before new institutions are connected to eduGAIN through the Feide Identity Provider, the following requirements must be fulfilled:

  • Institution sends a request to join Feide.

  • Institution fills out a registration form on the technical connectivity, user storage and user registration practices.

  • Institution signs the Feide Contract Part I and Part II, and sends it to Feide by postal mail.

  • Feide validates the gathered information, and may inspect the user storage to review whether requirements are fulfilled, before accepting the institution to be connected.

  • Institution explicitly requests to connect to eduGAIN services through the Feide Customer Portal.

Practices on Service Provider Registration

Feide will only expose Service Providers to eduGAIN that are official services connected to the Feide federation production environment.

For a Service Provider to join the Feide federation, the following requirements must be met:

  • The Service Provider must accept the terms and conditions in the customer portal in order to publish a service.

  • The Service Provider must perform a technical test using the Feide Test Environment.

  • The Service Provider must fill out a registration form with necessary information about the service, including contact persons and attribute requirements.

  • The Service Provider provides SAML metadata to Feide.

  • Feide validates the provider information, including the attribute requirements, before accepting the Service Provider into the production environment.

Before the Service Provider is exposed to eduGAIN, the Service Provider must also fulfill these requirements:

  • The Service Provider must explicitly request to connect to eduGAIN through Feide.

  • Feide performs a sanity check that the setup is technically sound, and that the Service Provider consumes the eduGAIN metadata.

The metadata provided by the Service Provider will be manually processed by the Feide operational team, before being re-published through eduGAIN. For the Service Provider to make updates to the metadata entry, it must contact the Feide Helpdesk.

Feide Metadata Aggregate

Feide maintains an aggregate of all metadata it exposes to eduGAIN:

The metadata document signature can be validated using the following X.509 certificate:
