Date: Thu, 28 Mar 2024 13:05:23 +0000 (UTC) Message-ID: <1921966212.6437.1711631123313@ip-10-10-7-29.ec2.internal> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_6436_937531921.1711631123312" ------=_Part_6436_937531921.1711631123312 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This document attempts to identify the differences between the InCommon = Research & Scholarship Category and the REFEDS Research &a= mp; Scholarship Entity Category. The latter was formally adopted by the= REFEDS communi= ty in February 2014. The REFEDS R&S specification was revised to V1.2 o= n November 28, 2014.
|
InCommon R&S Requirement |
REFEDs R&S Requirement |
---|---|---|
1 |
[Participation Agre= ement, section 9] Participant agrees to respect the privacy of and= any other constraints placed on identity information that it might receive= from other InCommon Participants as agreed upon between Participant and th= e InCommon Participant(s). In particular, Participant understands that it m= ay not permanently store nor share or disclose or use for any purpose other= than its intended purpose any identity information that it receives from a= nother InCommon Participant without express written permission of the other= InCommon Participant. Participant understands that the storing and sharing= of resources is between the Participant and the InCommon Participant(s) an= d is not the responsibility of InCommon. |
A "Service Provider claims that it will not u= se attributes for purposes that fall outside of the service definition." |
2 |
"Whether an SP operator is commercial or non-= commercial is not relevant to eligibility for the R&S Category, nor are= any other aspects of how the service is implemented or operated, beyond th= e specific requirements noted below. It's all about purpose." |
"This Entity Category should not be used for = access to licensed content such as e-journals." |
3 |
"...because of the risk involved, a Service P= rovider that engages subjects in experiments that require specific oversigh= t is not eligible for the R&S Category." |
NA |
4 |
"The SP provides an mdui:DisplayName in metad= ata..." |
"The Service Provider provides an mdui:Displa= yName and mdui:InformationURL in metadata." |
5 |
"The SP provides Technical and Administrative= contacts in metadata." |
"The Service Provider provides one or more te= chnical contacts in metadata." |
6 |
"R&S category SPs may request other attri= butes, but IdP operators will likely require a prior agreement before relea= sing additional attributes." "It is therefore highly recommended that SPs use a minimalist approach= to attributes, only requesting those attributes that they absolutely need.= " |
"Service Providers SHOULD request a subset of= R&S Category Attributes that represent only those attributes that the = Service Provider requires to operate its service." |
7 |
|
|
[Item 1] Here is the relevant phrase from the Part= icipation Agreement:
Participant understands that it may not permanently store nor share or d= isclose or use for any purpose other than its intended purpose any identity= information that it receives from another InCommon Participant without exp= ress written permission of the other InCommon Participant.
Compare the above passage with the following quote from the REFEDS R&= ;S Category specification:
Service Provider claims that it will not use attributes for purposes tha= t fall outside of the service definition.
The primary distinction is that the former is included in a signed legal= agreement while the latter is self-asserted by the service owner. See, for= example, the R&S application form used by = InCommon.
[Item 2] While the InCommon R&S Category keeps= the door open to commercial services, the REFEDS R&S Category seems to= explicitly rule them out.
[Item 3] Prior to October 27, 2014, the InCom= mon R&S Category had the following requirement:
a Service Provider that engages subjects in experiments that require spe= cific oversight is not eligible for the R&S Category.
This refers to research that would require Institutional Review Board (I= RB) approval. Following the recommendations of both the Technical Advisory = Committee and the Steering Committee, this requirement was removed from the= InCommon R&S Category on October 27, 2014.
[Item 4] All but one InCommon R&S SP already h=
as an mdui:InformationURL
in metadata so this particular diffe=
rence between the two specifications is irrelevant.
[Item 5] InCommon already requires both technical = and administrative = contacts in metadata, for all SPs and IdPs.
[Item 6] The REFEDs R&S specification has two = requirements regarding requested attributes in metdata:
The Service Provider provides requested attributes in metadata.
Service Providers SHOULD request a subset of R&S Category Attributes= that represent only those attributes that the Service Provider requires to= operate its service.
For clarity, these two requirements are broken into three parts on the <= a href=3D"/display/InCFederation/Research+and+Scholarship+Application+Form+= for+Service+Providers">R&S application form:
In particular, the latter is a strict requirement for all InCommon R&= ;S SPs, which goes beyond the REFEDS R&S requirements.
Obviously, the entity attribute value for InCommon R&S is different = than the entity attribute value for REFEDS R&S. In the short term, the = goal is for all InCommon R&S SPs to have a multivalued entity attribut= e in metadata, that is, each SP will satisfy the requirements of bo= th InCommon R&S and REFEDS R&S (which is possible sin= ce the gap between them is small). Once all R&S SPs have a multivalued = entity attribute in metadata, all InCommon R&S IdPs will be encouraged = to migrate their configurations to the REFEDS R&S entity attribute, tha= t is, to release the R&S attribute bundle to all R&S SPs, glo= bally.