Policy for listing IdPs in the UK federation Central Discovery Service (CDS)

A Discovery Service allows users wishing to authenticate to a service provider (SP) to select their home organisation's Identity Provider (IdP). The UK federation provides a Central Discovery Service (CDS) for SPs that do not run their own Discovery Service. The CDS is a web-based interface that presents users with a list of production IdPs and enables them to select or search for their home organisation.

In almost all cases there will only be one production IdP listed per organisation, usually notified to us by the organisation's Management Contact during IdP registration. Other IdPs that the organisation uses for testing or evaluation should be registered as "hidden" from the federation CDS. Such IdPs are not displayed by default in the CDS, but can be displayed and accessed by following the link labelled “All sites” at the foot of the CDS web page.

We recommend that a new IdP is initially registered as hidden, and made visible only after it has been thoroughly tested (for example, by testing against the UK federation Test SP). The UK federation is ultimately responsible for determining which production IdPs appear in the Central Discovery Service.

Technically, we mark hidden IdPs with the REFEDS Hide From Discovery Entity Category. SPs that run their own Discovery Service should be able to filter out IdPs that carry this entity category to produce a list of production IdPs.