...
InCommon is implementing a simplified and scalable approach for its member institutions to provide services that support research and scholarship activities. The approach is to implement a Research and Scholarship (R&S) category Category for service providers that is designed to facilitate attribute release decisions by identity providers
...
All InCommon SPs are already bound by a set of practices governing how they manage and use personal attributes. InCommon's R&S category Category defines additional set criteria that are designed to facilitate IdP policy decisions to release a controlled set of low-risk attributes to R&S SPs without local review for each SP. InCommon also provides metadata and technology tools to further facilitate automatic, but controlled, release of attributes to the R&S SPs, as well as aiding user support.
IDPs can simplify the management of their Attribute Release Policies by taking advantage of the R&S categoryCategory. With a one-time addition to their default release policies they can specify a set of attributes to release to all SPs that are in the R&S categoryCategory. This policy would apply to SPs that are added to the category in the future, without the IDP administrator having to make any changes.
...
The three traditional dimensions of the academic endeavor are: research & scholarship, instruction, and service. Candidates for the R&S category Category are those Service Providers that are specifically designed to support some aspect of research and scholarship; SPs aimed to enable instruction or service do not qualify for this category, even if they are intended for use by academics. Likewise, SPs that provide generalized services that have been or might be adopted for use in support of research and scholarship activities, but whose primary purpose is not research and scholarship, are not included in the R&S categoryCategory.
Whether an SP operator is commercial or non-commercial is not relevant to eligibility for the R&S categoryCategory, nor are any other aspects of how the service is implemented or operated, beyond the specific requirements noted below. It's all about purpose.
...
R&S Service Providers must resolve issues of non-compliance within a reasonable period of time from when they become aware of the issue. Failure to do so can result in revocation of their membership in the R&S categoryCategory.
R&S Category Attributes
InCommon IdPs are strongly encouraged to release the following attributes to R&S Category SPs:
...
To request membership in the R&S categoryCategory, a site administrator for the organization owning the SP completes a web form asserting compliance with the criteria. This initiates the following approval process:
...
When an SP is approved for the R&S categoryCategory,
- An entity attribute is inserted into metadata.
- The new R&S SP is added to a web page listing members of the R&S categoryCategory.
- An announcement is sent to the announce@incommon.org email list and/or the monthly newsletter.
...
It is expected that there will be little discussion or controversy over releasing these attributes to R&S SPs for faculty, researchers, and staff. These people already routinely share this information with their collaborators. Releasing attributes for students, however, is probably covered by the US FERPA law, and possibly by state law. There is a considered opinion, though, that it is perfectly legal to release FERPA Directory Information using Shibboleth/SAML. If a campus includes the R&S attributes in its list of Directory Information, then there should be no issue about releasing these attributes for students who have not opt'ed out under FERPA. In addition, some Registrars have concluded that the definition of the R&S category Category allows their campus to release Directory Information for every student (including those who have opt'ed out under FERPA).
Today, most IDPs use a default attribute release policy that releases just an opaque identifier. Campuses can choose to extend this default policy to release some or all of the R&S attributes to SPs in the R&S categoryCategory. Implementing this policy change is a one-time change to the IDP configuration.
...