As detailed in Research and Scholarship Category, the Research and Scholarship Entity Category is used to facilitate the exchange of information between IdPs and SPs in support of activities related to research and scholarship. Institutions that operate Service Providers (SPs) state compliance with a set of operational and technical practices to protect identity information, and institutions operating Identity Providers (IdPs) state agree to release low-risk attributes to those SPs. InCommon reviews these statements and assigns the Research and Scholarship Entity Category to those IdPs and SPs.
Certification for the Research and Scholarship (R&S) Category is a straightforward process involving you, your institution, and InCommon.
- You ensure that your SP or IdP meets the requirements set forth in the Research and Scholarship Entity Category definition and the InCommon Federation Participation Agreement (Section 9, in particular). Note that the requirements for IdPs and SPs are different; the primary requirements are:
- The IdP agrees to transmit the following information, upon request, to SPs that have been certified for the R&S Category: shared user identifier, person name, email address, and (optionally) affiliation.
- The service enhances the research and scholarship activities of some subset of the user community.
- Service metadata has been submitted to the registrar for publication.
- The service complies with specific technical requirements addressing issues of security and operational maturity.
- See Research and Scholarship Entity Category for more information and the complete set of requirements for both IdPs and SPs.
- You complete an online application form. There are different forms for IdPs and SPs:
- InCommon reviews your application. You may be contacted to resolve any questions or issues that arise.
- Assuming the review is successful, InCommon generates a metadata update for your IdP or SP.
- Your site administrator approves the metadata update, and the process is complete.
A Note about Privacy
It should be noted that exchange between IdPs and SPs within InCommon is subject to Section 9 of the InCommon Federation Participation Agreement, which states "Participant agrees to respect the privacy of and any other constraints placed on identity information that it might receive from other InCommon Participants as agreed upon between Participant and the InCommon Participant(s). In particular, Participant understands that it may not permanently store nor share or disclose or use for any purpose other than its intended purpose any identity information that it receives from another InCommon Participant without express written permission of the other InCommon Participant. Participant understands that the storing and sharing of resources is between the Participant and the InCommon Participant(s) and is not the responsibility of InCommon." This is a requirement for your IdPs and SPs, independent of whether they are certified for the R&S entity category.
Also, the information transmitted from IdPs to SPs under the R&S entity category is designed to comply with the minimal disclosure principle, and legal review in Europe has determined that it satisfies GDRP requirements for privacy of identity information.