Versions Compared

Old Version 2

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 3

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

As of Feb 16, all but five (5) R&S SPs have been migrated to REFEDS R&S; that is, 27 of 32 R&S SPs now have a multivalued R&S entity attribute in metadata:

 

Code Block
languageXML
titleA Multivalued R&S Entity Attribute for SPs
<mdattr:EntityAttributes
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&amp;S SPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category">
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

I suspect I believe two of the remaining five R&S SPs are at risk:

  1. GPN/UM Dropoff Services

  2. Narada Metrics

OTOH, I believe the other three (Indiana CTSI Hub, nanoHUB.org, and Penn State WikiSpaces) will successfully migrate by the end of February.

...

  1. An R&S IdP migrates to REFEDS R&S by changing its config from this:

    Code Block
    titleThe configuration of an IdP that has NOT migrated to REFEDS R&S
    <afp:AttributeFilterPolicy id="releaseFullBundleToRandS">

  <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

  <!-- attribute rules here -->

</afp:AttributeFilterPolicy>

    to this:

    Code Block
    titleThe configuration of an IdP that has migrated to REFEDS R&S
    <afp:AttributeFilterPolicy id="releaseFullBundleToRandS">

  <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>

  <!-- attribute rules here -->

</afp:AttributeFilterPolicy>

  2. When an R&S IdP migrates to REFEDS R&S (as above), the entity attribute in IdP metadata is will be changed from this:

    Code Block
    languageXML
    titleThe InCommon R&S Entity Attribute for IdPs
    <mdattr:EntityAttributes
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the InCommon entity attribute value for R&amp;S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

    to this:

    Code Block
    titleThe REFEDS R&S Entity Attribute for IdPs
    <mdattr:EntityAttributes
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the REFEDS entity attribute value for R&amp;S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

  3. The InCommon R&S entity attribute value is not exported to eduGAIN. That is, only the REFEDS R&S entity attribute value is exported to eduGAIN (whereas the InCommon R&S entity attribute value is filtered at the border of the InCommon Federation).

  4. R&S IdPs that migrate to REFEDS R&S will be automatically exported to eduGAIN once global R&S SPs have been imported into InCommon metadata.

...