An identity provider (IdP) supports the Research and Scholarship (R&S) category by releasing a minimal set of user directory information to qualified R&S service providers (SPs) and self-asserting that support via the Federation Manager management portal. Follow these steps:

1 - Release basic user directory information

The Research and Scholarship category was created to ensure that users accessing academic resources have a successful experience the first time and every time. A key ingredient of that seamless experience is making sure the academic resources, or R&S service providers, have the necessary user information at sign-in time to identify the user, provision access and maintain communication.

To accomplish that objective, the REFEDS R&S category specifies a minimum set of user attributes that a qualifying identity provider shares, and that a qualified R&S service provider agrees to keep safe. To support R&S, an IdP must release at least the following attributes for users participating in cross-organization research and scholarly collaboration activities:

  • eduPersonPrincipalName
  • mail
  • displayName OR (givenName AND sn)
  • (eduPersonTargetedID)

To ensure proper identity binding, an IdP must release a non-reassigned persistent identifier. If your implementation of eduPersonPrincipalName meets that requirement, it will suffice. Otherwise, you MUST also release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. We recommend releasing both.
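
One way to check a test sign-in against the attribute list above, as an added example (not part of the original page or any federation tooling). It assumes you have the decrypted SAML `AttributeStatement` from a test SP and that attributes use the standard `urn:oid` names; `released_attributes`, `rs_gaps` and the `eppn_reassigned` flag are hypothetical names.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# Standard urn:oid wire names for the attributes in the R&S list above.
OIDS = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
}

def released_attributes(statement_xml):
    """Return the R&S attribute names that carry at least one non-empty value."""
    found = set()
    for attr in ET.fromstring(statement_xml).iter(SAML + "Attribute"):
        name = OIDS.get(attr.get("Name"))
        for value in attr.findall(SAML + "AttributeValue"):
            # eduPersonTargetedID holds a nested NameID, so read all inner text.
            if name and "".join(value.itertext()).strip():
                found.add(name)
    return found

def rs_gaps(statement_xml, eppn_reassigned):
    """List what is missing from the R&S minimum; an empty list means complete.

    eppn_reassigned (assumption: known to the operator) is True when your
    eduPersonPrincipalName values can be reassigned to a different person.
    """
    have = released_attributes(statement_xml)
    gaps = [a for a in ("eduPersonPrincipalName", "mail") if a not in have]
    if "displayName" not in have and not {"givenName", "sn"} <= have:
        gaps.append("displayName OR (givenName AND sn)")
    if eppn_reassigned and "eduPersonTargetedID" not in have:
        gaps.append("eduPersonTargetedID")
    return gaps

# Constructed sample: blank displayName, givenName without sn, no targeted ID.
SAMPLE = """<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Attribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"><saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>jdoe@example.edu</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.5.4.42"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="urn:oid:2.16.840.1.113730.3.1.241"><saml:AttributeValue> </saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement>"""

if __name__ == "__main__":
    print(rs_gaps(SAMPLE, eppn_reassigned=True))
```

An attribute that is present but empty counts as not released, since the SP cannot use it at sign-in time.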

Learn more: read the REFEDS R&S entity category specification

Releasing information for only a subset of your users

When configuring release rules, the R&S category does not require you to release information for all of your users. It is sufficient to release information for users who are likely to participate in cross-organization scholarly collaboration. Remember: overly strict release rules force you to process exception release requests frequently, which defeats the goal of enabling seamless, on-demand access to research and scholarly collaboration.

If you have a user information release consent mechanism in place, it may be a good way to reduce the manual handling of exception release requests.

2 - Configuring IdP to release R&S attributes

See: Configure IdP to release R&S attributes

3 - Declare Support for R&S in Federation Manager

Once you have configured your IdP to release the appropriate attributes, let others in the federation know about it by tagging your IdP with the "Support R&S" entity attribute in Federation Manager. To learn how, see Declare your support for R&S in Federation Manager.

Check these items while you are in Federation Manager

As you make updates to your IdP metadata in Federation Manager, it is a good time to double check that your IdP has current MDUI information (display name, logo URL, privacy statement, information URL, etc.) and contact information.

In addition, add your Error Handling URL to your metadata. It lets SPs direct the user back to you for assistance should s/he encounter trouble signing into an R&S SP because the necessary attributes aren't there at sign-in time.
