InCommon metadata support

[Nick Roy <>]

On 26 Mar 2019, at 7:16, Cantor, Scott wrote:

> On 3/26/19, 8:02 AM, " on behalf of 
> Garmer, Jack - garmercj" < on behalf 
> of > wrote:
>>
>> So to clarify before passing this off to my manager, signing a DCV 
>> provided by the vendor is not the same as giving them
>> rights to our domain (i.e, DCV != Power of Attorney), correct?
>
> Maybe I don't know what it is you're doing, because the fact that you'd ask 
> that seems suspicious. What I'm talking about is InCommon asking you to 
> place a TXT record on your DNS to serve as an approval that a given domain 
> is authorized for use by another InCommon member asking to do so. If that's 
> not what you're talking about, then I don't know what it is you're being 
> asked to do.

Yes, you should not have to sign anything, and it's not remotely like a power 
of attorney. The InCommon RA staff would contact the vendor with a nonce that 
they'd ask them to place as a TXT record on the domain they intend to use in 
the entityID of the SP. The vendor would then have to work with someone at 
your organization to get the TXT record published. Then, InCommon staff 
verifies the existence of the matching record on the domain specified. The 
policy and process is described at: 
https://spaces.at.internet2.edu/display/TI/TI.53.1

Nick

>
> -- Scott

Attachment: signature.asc
Description: OpenPGP digital signature