| Note | ||
|---|---|---|
| ||
Note that this page has been deprecated. The information it contains is no longer current. InCommon no longer certifies IdPs that release R&S attributes only locally, although some IdPs do still retain that legacy certification, so this document has been retained to illuminate the differences between global and InCommon-only R&S certifications. All IdPs are encouraged to certify for global R&S; see How to Apply for the Research and Scholarship (R&S) Entity Category for more information. |
Migrating an IdP to the Global Research & Scholarship Category
...
| Note | ||
|---|---|---|
| ||
| Since all R&S SPs have a multivalued R&S entity attribute in InCommon metadata (for backwards compatibility), R&S IdP operators can migrate to global R&S at any time. |
Reconfiguring Your IdP
| Warning | ||
|---|---|---|
| ||
| As of July 31, 2016, Shibboleth IdP V2 is unsupported software. You should upgrade to Shibboleth IdP V3 as soon as possible! |
Use of the Legacy R&S Tag
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="http://refeds.org/category/research-and-scholarship"/> |
An instance of Shibboleth IdP V3 is configured similarly:
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
<afp:PolicyRequirementRule xsi:type="basic:AND">
<basic:Rule xsi:type="saml:EntityAttributeExactMatch"
attributeName="http://macedir.org/entity-category"
attributeValue="http://refeds.org/category/research-and-scholarship"/>
<basic:Rule xsi:type="saml:RegistrationAuthority"
registrars="https://incommon.org"/>
</afp:PolicyRequirementRule> |
| Tip | ||
|---|---|---|
| ||
Note that the registrars XML attribute in the preceding example takes a space-separated list of registrar IDs |
...
| , which is most flexible. You could easily expand your attribute release policy by adding other registrar IDs to the list. |
For more information about configuring an IdP for R&S, consult the R&S IdP Config topic in the wiki.
...
We have no definite plans to remove the legacy incommon.org R&S tag from SP metadata. We will monitor the progress of the Research & Scholarship category in the InCommon Federation and make a determination at a later time. In the meantime, it is RECOMMENDED that all IdPs remove all references to the legacy incommon.org R&S tag from their configurations.
| Note | ||
|---|---|---|
| ||
The legacy incommon.org R&S entity attribute value
in SP metadata is not exported to eduGAIN. Only the refeds.org R&S entity attribute value
in SP metadata is exported to eduGAIN! That is, R&S SPs exported to eduGAIN have a single-valued R&S entity attribute in metadata (since backwards compatibility is not an issue outside of the InCommon Federation). |
...
As long as there are IdPs that want to restrict attribute release to R&S SPs registered by InCommon, the legacy incommon.org R&S tag will remain in IdP metadata. Note well: From a global perspective, you do not support R&S unless you recognize the refeds.org R&S entity attribute value in SP metadata.
When should I migrate to global R&S, that is, when should I reconfigure my IdP to release attributes to all R&S SPs globally?
...
If you don’t want to release attributes to R&S SPs from other federations, don’t change your attribute release policy to recognize the refeds.org R&S entity attribute value. Simply continue to recognize the legacy incommon.org R&S entity attribute value as you do now, or better yet, reconfigure your IdP to release attributes to R&S SPs registered by InCommon without relying on the legacy incommon.org R&S tag.
If I don’t release attributes to global R&S SPs, why do I have to touch my IdP config at all?
...
That said, we encourage you to reconfigure your IdP as documented. If you do, and we decide to remove the legacy incommon.org R&S tag from SP metadata at some later date, you’ll be all set. In any case, we won’t do anything without giving everyone ample lead time.