Demonstrating ownership of a domain
Before a member organisation can register an entity (SP or IdP) with the UK federation, the federation's technical support team must be satisfied that the member has control of the domain name used in the entityID. In the case of an IdP registration, the member organisation must also control the domain in each scope.
We check that the legal name of the organisation (as established on joining the federation) matches the name given in the Registrant Name field of the WHOIS record. If it doesn't, the member organisation is asked to change the Registrant Name to match the organisation's legal name. If they can do this, then ownership and control of the domain name have been demonstrated.
A federation member can use a domain name belonging to another organisation if that organisation writes a letter to the federation giving permission for the use of the domain name. For the letter to be acceptable, the domain-owning organisation must be a legal entity who can themselves show ownership or control of the domain name. Please note that if the domain name is to be used in an IdP's entityID or scope, then the domain-owning organisation must also be a member of the UK federation.