...
DRAFT
...
-
...
Research
...
and
...
Scholarship
...
(R&S)
...
Category
...
Pilot
...
-
...
DRAFT
...
Table of Contents |
---|
...
|
...
|
Background
A growing number of Service Providers (SPs)
...
supporting
...
collaborative
...
Research
...
and
...
Scholarship
...
activities
...
are
...
joining
...
InCommon.
...
As
...
is
...
the
...
standard
...
practice
...
in
...
the
...
Higher
...
Education/Research
...
world,
...
collaboration
...
on
...
these
...
sites
...
involves
...
knowing
...
who
...
the
...
collaborators
...
are:
...
name,
...
email,
...
institutional
...
affiliation.
...
Unfortunately,
...
the
...
default
...
Attribute
...
Release
...
Policies
...
in
...
place
...
at
...
most
...
campus
...
Identity
...
Providers
...
(IdPs)
...
do
...
not
...
share
...
any
...
information
...
with
...
these
...
sites
...
without
...
local
...
review
...
of
...
the
...
SP's
...
purpose,
...
governing
...
policy,
...
and
...
operational
...
practices.
...
This
...
approach
...
is
...
simply
...
not
...
scalable
...
to
...
the
...
thousands
...
of
...
campus
...
IdPs
...
and
...
thousands
...
of
...
SPs
...
supporting
...
research
...
and
...
scholarship
...
that
...
we
...
anticipate
...
in
...
the
...
future.
...
It
...
is
...
already
...
a
...
serious
...
problem
...
for
...
the
...
big
...
Virtual
...
Organizations
...
and
...
Research
...
Labs;
...
the
...
hoped-for
...
explosion
...
of
...
smaller
...
collaboration
...
sites
...
housed
...
in
...
academic
...
departments
...
will
...
not
...
succeed
...
with
...
federation
...
unless
...
a
...
scalable
...
solution
...
is
...
developed.
...
InCommon
...
is
...
implementing
...
a
...
simplified
...
and
...
scalable
...
approach
...
to
...
this
...
problem
...
through
...
the
...
specification
...
of
...
a
...
"Research
...
and
...
Scholarship
...
(R&S)"
...
category
...
for
...
SPs.
...
All
...
InCommon
...
SPs
...
have
...
already
...
agreed
...
to
...
a
...
set
...
of
...
practices
...
governing
...
how
...
they
...
manage
...
and
...
use
...
personal
...
attributes.
...
To
...
qualify
...
for
...
inclusion
...
in
...
the
...
R&S
...
category,
...
SPs
...
comply
...
with
...
an
...
additional
...
set
...
of
...
criteria
...
that
...
are
...
designed
...
to
...
facilitate
...
IdP
...
policy
...
decisions
...
to
...
release
...
a
...
controlled
...
set
...
of
...
low-risk
...
attributes
...
to
...
R&S
...
SPs
...
without
...
local
...
review.
...
InCommon
...
provides
...
metadata
...
and
...
technology
...
tools
...
to
...
further
...
facilitate
...
automatic,
...
but
...
controlled,
...
release
...
of
...
attributes
...
to
...
the
...
R&S
...
SPs,
...
as
...
well
...
as
...
aiding
...
user
...
support.
...
This
...
...
...
...
...
...
will
...
include
...
a
...
small
...
number
...
of
...
SPs
...
and
...
IdPs
...
to
...
test
...
this
...
approach,
...
recommending
...
modifications
...
to
...
the
...
specifications
...
described
...
here,
...
as
...
appropriate.
...
The
...
following
...
are
...
the
...
participants
...
in
...
this
...
pilot:
...
- Service
...
- Providers
...
- TBA
- Identity Providers
- TBA
What Are Research and Scholarship Activities?
Wiki Markup |
---|
\[Tom Barton's text...\] |
...
Requirements for the R&S
...
Category
...
In
...
addition
...
to
...
the
...
requirements
...
outlined
...
in
...
the
...
...
...
...
...
,
...
Service
...
Providers
...
must
...
comply
...
with
...
the
...
following
...
requirements:
...
- The
...
- service
...
- enhances
...
- the
...
- research
...
- and
...
- scholarship
...
- activities
...
- of
...
- some
...
- subset
...
- of
...
- the
...
- InCommon
...
- community.
...
- The
...
- service
...
- requires
...
- a
...
- subset
...
- of
...
- R&S
...
- Category
...
- Attributes.
...
- (See
...
- below.)
...
- The
...
- service
...
- does
...
- not
...
- require
...
- out-of-band
...
- negotiation
...
- and/or
...
- contracts
...
- with
...
- IdPs.
...
- The
...
- service
...
- conforms
...
- to
...
- a
...
- specific
...
- subset
...
- of
...
- the
...
...
...
- published
...
- by
...
- InCommon.
...
- The
...
- SP
...
- is
...
- a
...
- production
...
- SAML
...
- deployment.
...
- The
...
- SP
...
- supports SAML V2.0
...
- Web
...
- Browser
...
- SSO.
...
- The
...
- SP
...
...
...
...
...
- at
...
- least
...
- daily.
...
- The
...
- SP's
...
- metadata
...
- has
...
- been
...
- provided
...
- to
...
- InCommon
...
- so
...
- that
...
- it
...
- can
...
- be
...
...
...
...
...
...
- on
...
- the
...
- InCommon
...
- public
...
- web
...
- site.
...
- The
...
- SP
...
- provides
...
- appropriate
...
...
...
...
...
- The SP provides its requested attributes in metadata, chosen from the R&S subset.
- The SP intelligently handles errors involving the release of requested attributes.
R&S Category Attributes
InCommon IdPs are strongly encouraged to release the following attributes to R&S Category SPs:
- name
(displayName,
givenName,
surName)
- e-mail address (mail)
- user identifier (
eduPersonPrincipalName,
eduPersonTargetedID)
- user role (
eduPersonScopedAffiliation)
R&S Category SPs may request other attributes, but those requests are not likely to be honored by IdPs unless there has been prior agreement with the IdP Operator. It is highly recommended that SPs use a minimalist approach to attribute requests.
Application for Inclusion in the R&S Category
To request membership in the R&S category, a site administrator for the organization owning the SP completes a web form asserting compliance with the criteria. This initiates the following approval process:
- InCommon Staff review the requests, interacting with the submitter and the InCommon Technical Advisory Council (TAC), as needed.
- Assuming a positive review, the Staff provide a one-paragraph summary recommending approval of the request to the InCommon Steering Committee and the TAC, asking for comments within one week.
- Approval or rejection of the request is determined by consensus by the review participants.
When an SP is approved for the R&S category,
- An entity attribute is inserted into metadata.
- The new R&S SP is added to a web page listing members of the R&S category.
- An announcement is sent to the announce@incommon.org email list and/or the monthly newsletter.
Policy Considerations for Identity Providers
Identity Providers are responsible for protection of the privacy of their community members' identity attributes. As such, they must be cautious when releasing those attributes to Service Providers. As can be seen above, the R&S Category has been restricted to the release of low-risk attributes to low-risk Service Providers with high value. Nevertheless, legislation such as FERPA, as well as local policy, may require further controls over attribute release by an IdP. For example, some students may have opted out of attribute release under FERPA.
Mechanisms for implementing such controls are described below in "Technical Considerations." In the interest of facilitating collaboration and sharing of resources for as broad a community as possible, however, it is recommended that such controls be applied with as small a scope as possible.
Technical Considerations
The following documents describe the technical considerations for participation in the R&S Category:
- Federation Metadata
- Service Providers
- There are no technical requirements for SPs, other than those described above in "Requirements for the R&S Category."
- Identity Providers
- DRAFT Guidance for IdPs