This article describes the mechanics of tagging an entity in SAML metadata. See Research and Scholarship category for an introduction.
To register your entity for the Research and Scholarship (R&S) category, see:
For identity provider: Support Research and Scholarship category in identity provider
For service provider: Apply for Research and Scholarship category for service provider
The http://refeds.org/category/research-and-scholarship entity attribute expresses qualification or support for the Research & Scholarship (R&S) entity category for service providers (SP) and identity providers (IdP) in SAML metadata. Because of the semantic differences (an IdP "supports" R&S, whereas an SP "qualifies" for R&S), the entity attribute is placed in slightly different places in the metadata:
A service provider satisfying the requirements of the REFEDS R&S entity category qualifies for, or is a member of, the Research and Scholarship entity category. In SAML metadata, this is expressed by adding a <saml:Attribute> name-value pair with the attribute name http://macedir.org/entity-category and the attribute value http://refeds.org/category/research-and-scholarship to the SP's metadata.
The semantics of entity attribute names are specified in The Entity Category SAML Entity Metadata Attribute Type (draft-macedir-entity-attribute-00.xml).
For backwards compatibility, an R&S SP also carries the legacy InCommon-only R&S entity attribute value (http://id.incommon.org/category/research-and-scholarship). Every InCommon registered R&S SP has the following multivalued entity attribute in metadata:
<mdattr:EntityAttributes
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&S SPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category">
    <!-- the incommon.org R&S entity attribute value -->
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
    <!-- the refeds.org R&S entity attribute value -->
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
Legacy InCommon-only R&S entity attribute is not exported to eduGAIN
In addition to being deprecated, the http://id.incommon.org/category/research-and-scholarship entity attribute value was only used in the InCommon Federation. It is filtered and excluded from SP metadata exported to eduGAIN. Only the REFEDS R&S entity attribute value is exported to eduGAIN.
The InCommon Federation operator is the registration authority responsible for tagging qualifying SPs with the R&S entity attribute. Other than qualifying and applying for the Research and Scholarship category for service provider, there is nothing an SP operator needs to do to manage this entity attribute.
An identity provider (IdP) satisfying the requirements of the REFEDS R&S entity category is said to "support" the Research and Scholarship entity category. In SAML metadata, this is expressed by adding a <saml:Attribute> name-value pair with the attribute name http://macedir.org/entity-category-support and the attribute value http://refeds.org/category/research-and-scholarship to the IdP's metadata.
An IdP asserting the REFEDS R&S entity attribute value agrees to release the R&S attribute bundle to all R&S SPs, including R&S SPs in other federations.
<mdattr:EntityAttributes
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&S SPs globally -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the refeds.org R&S entity attribute value -->
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
A deprecated, InCommon-only R&S entity attribute (http://id.incommon.org/category/research-and-scholarship) expresses similar support for R&S attribute release, but only to R&S SPs registered by InCommon.
<mdattr:EntityAttributes
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&S SPs
       registered by InCommon -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the incommon.org R&S entity attribute value -->
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
Although it is exported to eduGAIN in an IdP's metadata, the InCommon-only R&S entity attribute value has no recognized meaning outside the InCommon Federation. Only IdPs that release attributes to
The R&S entity attribute in IdP metadata is single-valued, which means an IdP can only support one R&S entity attribute (either REFEDS or InCommon-only) at a time. This decision affects service providers.
An SP that depends on the R&S entity attribute in IdP metadata must take into account the fact that an R&S IdP will carry either the InCommon-only R&S entity attribute or the REFEDS R&S entity attribute but not both.
To maintain backward compatibility during the transition to the global (REFEDS) R&S entity attribute, the InCommon Federation automatically tags its registered R&S SPs with both values so that an InCommon Federation registered R&S SP automatically receives attributes from either type of R&S IdP.
In other words, if an SP deployment is configured to recognize the incommon.org R&S tag in IdP metadata, it should be configured to recognize the refeds.org R&S tag as well.
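The dual-tag check described above, as an added example that is not part of the original article or InCommon's own tooling: it reads the entity-category-support attribute from IdP metadata and accepts either R&S value. The sample metadata and entityIDs are constructed, and the function names are illustrative.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY = "http://macedir.org/entity-category"          # SP "qualifies"
SUPPORT = "http://macedir.org/entity-category-support"   # IdP "supports"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"
INCOMMON_RS = "http://id.incommon.org/category/research-and-scholarship"  # legacy
RS_TAGS = {REFEDS_RS, INCOMMON_RS}

def entity_attribute_values(entity, name):
    """Collect the AttributeValue strings of one entity attribute, by Name."""
    values = set()
    for attr in entity.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == name:
            # Values are often wrapped in whitespace in metadata; compare trimmed.
            values.update((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS))
    return values

def rs_support_by_idp(metadata_xml):
    """Map each IdP entityID to the R&S tags it asserts under entity-category-support.

    Assumes the metadata signature was already verified; this only reads tags.
    """
    result = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if entity.find("md:IDPSSODescriptor", NS) is not None:
            result[entity.get("entityID")] = entity_attribute_values(entity, SUPPORT) & RS_TAGS
    return result

def _idp(entity_id, name, value):
    # Constructed sample entity; the entityIDs used below are placeholders.
    return f"""<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>
<mdattr:EntityAttributes><saml:Attribute Name="{name}"
  NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>
   {value}
</saml:AttributeValue></saml:Attribute></mdattr:EntityAttributes></md:Extensions>
<md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%(md)s" xmlns:mdattr="%(mdattr)s" xmlns:saml="%(saml)s">' % NS
          + _idp("https://idp-a.example.org/idp", SUPPORT, REFEDS_RS)
          + _idp("https://idp-b.example.org/idp", SUPPORT, INCOMMON_RS)
          + _idp("https://idp-c.example.org/idp", CATEGORY, REFEDS_RS)  # wrong attribute name
          + "</md:EntitiesDescriptor>")

if __name__ == "__main__":
    for entity_id, tags in rs_support_by_idp(SAMPLE).items():
        print(entity_id, "R&S" if tags else "not R&S", sorted(tags))
```

The third sample IdP carries the R&S value under entity-category rather than entity-category-support, so it is not treated as supporting R&S.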
The IdP owner is authoritative for the R&S entity attribute. An IdP indicates its willingness and ability to support R&S by following the steps outlined in Identity provider - support Research and Scholarship.
The Entity Category SAML Entity Metadata Attribute Type (draft-macedir-entity-attribute-00.xml)
REFEDS Research and Scholarship entity category specification
Identity provider - support Research and Scholarship
Service provider - apply for Research and Scholarship category
Research and Scholarship FAQ
Comparing REFEDS and InCommon-only R and S categories