...
- The service enhances the research and scholarship activities of some subset of the InCommon community.
- The service requires requests a subset of R&S Category Attributes and requests only those attributes it absolutely requiresneeds. (See below.)
- The service does not require out-of-band negotiation and/or contracts with IdPs.
- The service conforms to a specific subset of the Recommended Practices published by InCommon. :
- The SP is a production SAML deployment.
- The SP supports SAML V2.0 Web Browser SSO.
- The SP refreshes and verifies metadata at least daily.
- The SP's metadata has been provided submitted to InCommon so that it can be and published in a human-readable format on the InCommon public web site.
- The SP provides an
mdui:DisplayName
, one of numerous User Interface Elements in metadata - The SP provides appropriate contacts in the metadata.
- The SP provides requested attributes in metadata. (Note that a request for attributes outside of the R&S set will likely require prior agreement with IdP Operators.)
- The SP intelligently handles errors involving the release of requested attributes.
...
- name
(displayName,
givenName,
surName)
- e-mail address (
mail
) - user identifier (
eduPersonPrincipalName,
eduPersonTargetedID)
- user affiliation (
eduPersonScopedAffiliation)
R&S category SPs may request other attributes, but IdP Operators will likely require a prior agreement before releasing those additional attributes. It is highly recommended that SPs use a minimalist approach to attribute requestsattributes, requesting no attributes they do not absolutely need. In the future, if InCommon interfederates with federations in other parts of the world, IdPs in other countries may be operating under laws and regulations which that require a true minimalist approach.
...