...
InCommon is implementing a simplified and scalable approach to this problem through the specification of a "Research and Scholarship (R&S)" category for SPs. All InCommon SPs have already agreed to a set of practices governing how they manage and use personal attributes. To qualify for inclusion in the R&S category, SPs comply with an additional set of criteria that are designed to facilitate IdP policy decisions to release a controlled set of low-risk attributes to the R&S SPs without per-SP review. InCommon provides metadata and technology tools to further facilitate automatic, but controlled, release of attributes to the R&S SPs, as well as aiding user support.
The Research and Scholarship (R&S) Category Pilot will include a small number of SPs and IdPs to test this approach, recommending modifications to the specifications described here, as appropriate.
...
- An entity attribute is inserted into metadata.
- The new R&S SP is added to a web page listing members of the R&S category.
- An announcement is sent to the announce@incommon.org email list and/or the monthly newsletter.
Policy Considerations for Identity Providers
Identity Providers are responsible for protection of the privacy of their community members' identity attributes. As such, they must be cautious when releasing those attributes to Service Providers. As can be seen above, the R&S Category has been restricted to the release of low-risk attributes to low-risk Service Providers with high value. Nevertheless, legislation such as FERPA, as well as local policy, may require further controls over attribute release by an IdP. For example, some students may have opted out of attribute release under FERPA.
Mechanisms for implementing such controls are described below in "Technical Considerations." In the interest of facilitating collaboration and sharing of resources for as broad a community as possible, however, it is recommended that such controls be applied with as small a scope as possible.
Technical Considerations
The following documents describe the technical considerations for participation in the R&S Category:
- Federation Metadata
- Service Providers
  - There are no technical requirements for SPs, other than those described above in "Requirements for the R&S Category."
- Identity Providers
  - DRAFT Guidance for IdPs