Versions Compared

Old Version 22

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version Current

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Frequently Asked Questions about the R&S Category

Table of Contents
minLevel

...

3

General FAQs

Which services are eligible for the Research & Scholarship category?

Candidates for the R&S category include Service Providers InCommon service providers that support research and scholarship as an essential component. For example, a service providing tools for both multi-institutional research collaboration and instruction is eligible as a candidate for the R&S category.

InCommon reviews all applications from potential R&S Service Providers. The InCommon Technical Advisory Committee (TAC) and the InCommon Steering Committee also review and approve the requestsservice providers. Visit the Federation Info pages for a complete list of all R&S SPsservice providers.

...

What is the R&S attribute bundle?

The R&S category defines the following attribute bundle:

  • personal identifiers: e-mail address, person name, eduPersonPrincipalName
  • pseudonymous identifier: eduPersonTargetedID
  • affiliation: eduPersonScopedAffiliation

where e-mail address refers to the mail attribute and person name refers to displayName and optionally givenName and surName.

InCommon IdPs are strongly encouraged to release some a bundle of attributes that SPs choose from. InCommon identity providers that support R&S release a minimal subset of this attribute bundle to R&S category SPs. See the R&S Category Attributes section of the main R&S page for more details.

...

For details, see the deployment considerations for IdPs wiki page.

Where can I find complete information on the Research & Scholarship Category?

The Research and Scholarship Category home page has detailed information and additional links.

FAQs for SPs

What if my R&S SP doesn't require all the attributes in the R&S bundle?

InCommon highly recommends that SPs take a minimalist approach to attributes. In metadata, list only requesting those requested attributes that they you absolutely need. IdPs are encouraged to implement a default policy that releases the R&S attributes to SPs in the R&S category. This requires a one-time change to the IdP's deployment configuration. If you are interested, we've provided more-detailed implementation guidance for IdPs on this wiki. As a side note, a number of IdPs intend to release these attributes to all SPs by default.Some IdPs will actually use the list of requested attributes in metadata to limit the attributes released to you just-in-time.

What if a user wants to access my service but that user's IdP does not release the attributes my service needs?

To have an IdP added to the list of IdPs that support R&S, contact us at admin@incommon.org. We will reach out to the site admins for that IdP on your behalf.

FAQs for IdPs

Do I need to configure my IdP to release attributes to each and every R&S SP?

No. A one-time configuration is all that's needed. Let me try to explain.

Today most IdPs configure their attribute release policies around the SP's entity ID (i.e., on an SP-by-SP basis). Every time you type an entity ID into your IdP software configuration, you paint yourself into an ever-smaller corner. To better scale the Federation, we are recommending recommend that IdPs type more general configure their attribute release policies using entity attributes into their configurations instead of entity IDs. This leads to a more robust deployment that is much easier to maintain.

What is an entity attribute?

Once an SP becomes an R&S SP, it receives the R&S entity attribute in metadata. You can support a single R&S SP by configuring its entity ID into your IdP software configuration, or you can support all R&S SPs by configuring the corresponding entity attribute. The latter scales better since it is a one-time configuration change.

What are the

...

deployment options at the IdP?

An IdP has at least three options (in increasing order of deployment difficulty):

...

See the R&S

...

wiki page for IdPs.

How do I configure my IdP to release the absolute minimum attributes required?

If your software supports it, you can release a dynamic subset of the R&S

...

attribute bundle based on the list of requested attributes in SP metadata.

How do I get my IdP on the official list of IdPs that support R&S?

Once you've configured your IdP to release the R&S attribute bundle, you declare your IdP's ability to support R&S by submitting a short form. Normally such an IdP would be added to the list within one business day

The Shibboleth IdP software supports either of the first two options out-of-the-box. The latter option requires a special plugin at the Shibboleth IdP. No other IdP software is known to support entity attributes at this time.

Does the release of these attributes violate FERPA or other compliance requirements?

We do not believe so. We have worked with university counsels, registrars, and associate provosts to review these and found no issues to date. We have summarized our belief on the wiki. We encourage campuses to reach out and talk to someone that has implemented R&S for further information.

Where can I find complete information on the Research & Scholarship program?

There is detailed information on the Research and Scholarship Category elsewhere in this wiki.