Child pages
  • Research and Scholarship Entity Metadata
Skip to end of metadata
Go to start of metadata

Entity Metadata for the R&S Category

Research & Scholarship (R&S) SPs and IdPs are tagged in metadata with entity attributes. The entity attribute for R&S SPs simply means "I meet the requirements of the R&S category" (as outlined on the SP support page for R&S) while the entity attribute for R&S IdPs means "I support R&S" (as defined on the IdP support page for R&S).

All R&S entity attributes have one of two standard attribute names:

For R&S SPs: http://macedir.org/entity-category

For R&S IdPs: http://macedir.org/entity-category-support

The semantics of the above attribute names are specified by: The Entity Category SAML Entity Metadata Attribute Type (draft-macedir-entity-attribute-00.xml).

There are two possible R&S entity attribute values used in the InCommon Federation:

http://refeds.org/category/research-and-scholarship

http://id.incommon.org/category/research-and-scholarship


InCommon-only R&S deprecated

The http://id.incommon.org/category/research-and-scholarship entity attribute value has been deprecated, and InCommon no longer issues it. Some entities, however, still retain this value.

The semantics of each entity attribute are described in the following sections.

R&S Entity Attribute for SPs

All R&S SPs satisfy the requirements of the REFEDS R&S Entity Category and therefore every R&S SP carries the refeds.org R&S entity attribute value in its metadata. For backwards compatibility, an R&S SP also carries the legacy incommon.org R&S entity attribute value and therefore every R&S SP has the following multivalued entity attribute in metadata (whitespace and comments added for readability):

A multivalued entity attribute for R&S SPs
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&amp;S SPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category">
    <!-- the incommon.org R&amp;S entity attribute value -->
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
    <!-- the refeds.org R&amp;S entity attribute value -->
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

The legacy incommon.org R&S entity attribute value is included in SP metadata for backwards compatibility only.

Exporting the R&S entity attribute for SPs to eduGAIN

Note well that the legacy incommon.org R&S entity attribute value shown above is filtered from SP metadata exported to eduGAIN. Only the refeds.org R&S entity attribute value is exported to eduGAIN.

An IdP configuration SHOULD NOT rely on the incommon.org R&S entity attribute value in SP metadata

Use of the legacy incommon.org R&S tag to configure attribute release policy at the IdP is deprecated. Eventually this tag will be removed from all SP metadata although a timeline for doing so has not yet been determined.

Recommended configuration options for R&S IdPs are documented elsewhere in this wiki.

An R&S SP that satisfies the requirements of the REFEDS R&S Category is shown in green on the Entity Categories info page.

Note: The InCommon Registrar is authoritative for the above entity attribute. There is nothing an SP owner needs to do to manage this entity attribute.

R&S Entity Attributes for IdPs

IdPs in the InCommon Federation support the Research & Scholarship category in one of two ways:

  1. Release the R&S attribute bundle to all R&S SPs, including R&S SPs in other federations
  2. Release the R&S attribute bundle to R&S SPs registered by InCommon only

These mutually exclusive support categories are indicated in IdP metadata by one of two entity attributes.

InCommon-only R&S deprecated

The http://id.incommon.org/category/research-and-scholarship entity attribute value has been deprecated, and InCommon no longer issues it. Some entities, however, still retain this value.

An IdP that releases attributes to all R&S SPs, including R&S SPs in other federations, has the following entity attribute in metadata (whitespace and comments added for readability):

An entity attribute for IdPs that support all R&S SPs globally
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&amp;S SPs globally -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the refeds.org R&amp;S entity attribute value -->
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

An IdP that releases attributes to R&S SPs registered by InCommon only has the following entity attribute in metadata (whitespace and comments added for readability):

An entity attribute for IdPs that support R&S SPs registered by InCommon only
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&amp;S SPs registered by InCommon -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the incommon.org R&amp;S entity attribute value -->
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

The incommon.org R&S entity attribute value in IdP metadata has no meaning outside the InCommon Federation.

Exporting the R&S entity attribute for IdPs to eduGAIN

Although the incommon.org R&S entity attribute value shown above is exported to eduGAIN, it has no recognized semantics outside the InCommon Federation. Only IdPs that release attributes to all R&S SPs globally are recognized as R&S IdPs by the international R&E community.

The fact that the R&S entity attribute in IdP metadata is single-valued has consequences for certain SPs.

The R&S entity attribute in IdP metadata is single-valued

An SP that depends on the R&S entity attribute in IdP metadata must take into account the fact that an R&S IdP will carry either the incommon.org R&S tag or the refeds.org R&S tag but not both.

In other words, if an SP deployment is configured to recognize the incommon.org R&S tag in IdP metadata, it should be configured to recognize the refeds.org R&S tag as well.

An R&S IdP that supports global R&S is shown in green on the Entity Categories info page.

NoteThe IdP owner is authoritative for the above entity attributes. An IdP indicates its willingness and ability to support R&S by following the steps on the IdP support page for R&S.

  • No labels