Versions Compared

Old Version 3

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version Current

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migration of unmigrated content due to installation of a new plugin

...

The InCommon R&S Category vs. the REFEDS R&S Category

This document attempts to identify the differences between the InCommon Research and & Scholarship Category and the REFEDS Research and & Scholarship Entity Category. The latter was formally adopted by the REFEDS community in February 2014. The REFEDS R&S specification was revised to V1.2 on November 28, 2014.

Advanced Tables - Table Plus
columnAttributesstyle="vertical-align:middle;",style="width:60%;vertical-align:middle;",style="width:40%;vertical-align:middle;"

 

InCommon R&S Requirement

REFEDs R&S Requirement

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version=" 1 " ac:macro-id="8d19e80f-75a6-4f78-b46a-14ca34653297"><ac:plain-text-body><![CDATA[

[Participation Agreement [PA, section 9] Participant agrees to respect the privacy of and any other constraints placed on identity information that it might receive from other InCommon Participants as agreed upon between Participant and the InCommon Participant(s). In particular, Participant understands that it may not permanently store nor share or disclose or use for any purpose other than its intended purpose any identity information that it receives from another InCommon Participant without express written permission of the other InCommon Participant. Participant understands that the storing and sharing of resources is between the Participant and the InCommon Participant(s) and is not the responsibility of InCommon.

A "A registrar Service Provider claims that ...The Service Provider it will not use attributes released for purposes that fall outside of the R&S service definition."

]]></ac:plain-text-body></ac:structured-macro> 2

"Whether an SP operator is commercial or non-commercial is not relevant to eligibility for the R&S Category, nor are any other aspects of how the service is implemented or operated, beyond the specific requirements noted below. It's all about purpose."

"This Entity Category should not be used for access to licensed content such as e-journals."

3

"...because of the risk involved, a Service Provider that engages subjects in experiments that require specific oversight is not eligible for the R&S Category."

NA

4  

"The SP provides an mdui:DisplayName in metadata..."

"The Service Provider provides an mdui:DisplayName and mdui:InformationURL in metadata."

5

"The SP provides Technical and Administrative contacts in metadata."

"The Service Provider provides one or more technical contacts in metadata."

6

"R&S category SPs may request other attributes, but IdP operators will likely require a prior agreement before releasing additional attributes."

HTML
<hr>
"It is therefore highly recommended that SPs use a minimalist approach to attributes, only requesting those attributes that they absolutely need."

"Service Providers SHOULD request a subset of R&S Category Attributes that represent only those attributes that the Service Provider requires to operate its service."

7

http://id.incommon.org/category/research-and-scholarship

http://refeds.org/category/research-and-scholarship

Privacy

[Item 1] Here is the relevant phrase from the Participation Agreement:

Participant understands that it may not permanently store nor share or disclose or use for any purpose other than its intended purpose any identity information that it receives from another InCommon Participant without express written permission of the other InCommon Participant.

Compare the above passage with the following quote from the REFEDS R&S Category specification:

Service Provider claims that it will not use attributes for purposes that fall outside of the service definition.

The primary distinction is that the former is included in a signed legal agreement while the latter is self-asserted by the service owner. See, for example, the R&S application form used by InCommon.

Commercial Services

[Item 2] While the InCommon R&S Category keeps the door open to commercial services, the REFEDS R&S Category seems to explicitly rule them out.

Human Subjects Research

[Item 3] Prior to October 27, 2014, the InCommon R&S has Category had the following additional requirement:

a Service Provider that engages subjects in experiments that require specific oversight is not eligible for the R&S Category.

This refers to research that would require Institutional Review Board (IRB) approval. Note that both TAC and Steering previously agreed to remove this requirement, but final action was never taken. Given the consensus among TAC and Steering members to remove the IRB-related statement, the migration to REFEDs R&S provides an opportunity to finalize that action.

Privacy

The following privacy-related REFEDs requirement is problematic:

A registrar claims that…The Service Provider will not use attributes released for purposes that fall outside of the R&S definition.

REFEDs is currently considering the following reformulation of the above requirement:

  1. Remove section 3.2.
  2. Add section 4.3.6: "The Service Provider claims that it will not use attributes for purposes that fall outside of the service definition."

Requested Attributes

Following the recommendations of both the Technical Advisory Committee and the Steering Committee, this requirement was removed from the InCommon R&S Category on October 27, 2014.

User Interface Elements

[Item 4] All but one InCommon R&S SP already has an mdui:InformationURL in metadata so this particular difference between the two specifications is irrelevant.

Contacts in Metadata

[Item 5] InCommon already requires both technical and administrative contacts in metadata, for all SPs and IdPs.

Requested Attributes

[Item 6] The REFEDs R&S specification has two requirements regarding requested attributes in metdataIt’s difficult (if not impossible) to reconcile these two REFEDs R&S requirements:

The Service Provider provides requested attributes in metadata.

Service Providers SHOULD request a subset of R&S Category Attributes that represent only those attributes that the Service Provider requires to operate its service.

The latter requirement implies the use of the isRequired XML attribute in SP metadata but InCommon intentionally does not support this XML attribute.

REFEDs is currently considering the following reformulation of the above requirement:

...

For clarity, these two requirements are broken into three parts on the R&S application form:

  1. [True/False] My service provides requested attributes in metadata.
  2. [Yes/No] Are the requested attributes in metadata a subset of the R&S attribute bundle? (Note: This is highly RECOMMENDED otherwise a bilateral agreement with each IdP may be required.)
  3. [True/False] My service requests only those attributes required to operate the service.

In particular, the latter is a strict requirement for all InCommon R&S SPs, which goes beyond the REFEDS R&S requirements.

Entity Attributes

Obviously, the entity attribute value for InCommon R&S is different than the entity attribute value for REFEDS R&S. In the short term, the goal is for all InCommon R&S SPs to have a multivalued entity attribute in metadata, that is, each SP will satisfy the requirements of both InCommon R&S and REFEDS R&S (which is possible since the gap between them is small). Once all R&S SPs have a multivalued entity attribute in metadata, all InCommon R&S IdPs will be encouraged to migrate their configurations to the REFEDS R&S entity attribute, that is, to release the R&S attribute bundle to all R&S SPs, globally.

References