Migrating to REFEDS R&S Phase II
Browse a list of all current R&S SPs and IdPs
Report on Phase I
As of Feb 16, all but five (5) R&S SPs have been migrated to REFEDS R&S; that is, 27 of 32 R&S SPs now have a multivalued R&S entity attribute in metadata:
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&S SPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category">
    <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
I suspect two of the remaining five R&S SPs are at risk:
GPN/UM Dropoff Services
Narada Metrics
OTOH, I believe the other three (Indiana CTSI Hub, nanoHUB.org, and Penn State WikiSpaces) will successfully migrate by the end of February.
Outline of Phase II
Basic message: If you are an IdP operator that supports R&S, migrate to REFEDS R&S now! (reference needed)
Recommended migration process:
An R&S IdP migrates to REFEDS R&S by changing its config from this:
The configuration of an IdP that has NOT migrated to REFEDS R&S

<afp:AttributeFilterPolicy id="releaseFullBundleToRandS">
  <afp:PolicyRequirementRule
      xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/research-and-scholarship"/>
  <!-- attribute rules here -->
</afp:AttributeFilterPolicy>
to this:
The configuration of an IdP that has migrated to REFEDS R&S

<afp:AttributeFilterPolicy id="releaseFullBundleToRandS">
  <afp:PolicyRequirementRule
      xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <!-- attribute rules here -->
</afp:AttributeFilterPolicy>
When an R&S IdP migrates to REFEDS R&S (as above), the entity attribute in IdP metadata will be changed from this:
The InCommon R&S Entity Attribute for IdPs

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the InCommon entity attribute value for R&S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
to this:
The REFEDS R&S Entity Attribute for IdPs

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the REFEDS entity attribute value for R&S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
The InCommon R&S entity attribute value is not exported to eduGAIN. That is, only the REFEDS R&S entity attribute value is exported to eduGAIN (whereas the InCommon R&S entity attribute value is filtered at the border of the InCommon Federation).
R&S IdPs that migrate to REFEDS R&S will be automatically exported to eduGAIN once global R&S SPs have been imported into InCommon metadata.
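The effect of the exact-match policy change can be checked against SP metadata before an IdP switches. The following is an added example, not part of the original page or of InCommon's tooling: it classifies SPs by their R&S entity attribute values and lists which SPs each of the two policy values would release to. The entityIDs, the function names and the minimal sample aggregate are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
INCOMMON_RS = "http://id.incommon.org/category/research-and-scholarship"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"
CATEGORY = "http://macedir.org/entity-category"  # SP-side attribute name

def categories(entity):
    """Entity-category values of one EntityDescriptor, whitespace-stripped."""
    found = set()
    for attr in entity.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == CATEGORY:
            found.update((v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS))
    return found

def sp_states(metadata_xml):
    """Map each SP entityID to 'migrated', 'not migrated' or 'not R&S'."""
    states = {}
    for sp in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        cats = categories(sp)
        states[sp.get("entityID")] = ("migrated" if REFEDS_RS in cats else
                                      "not migrated" if INCOMMON_RS in cats else "not R&S")
    return states

def released_to(policy_value, metadata_xml):
    """SPs that an exact-match rule on policy_value would release the bundle to."""
    root = ET.fromstring(metadata_xml)
    return sorted(sp.get("entityID") for sp in root.iter("{%s}EntityDescriptor" % NS["md"])
                  if policy_value in categories(sp))

def _sp(entity_id, values):
    """Build one constructed, minimal SP entry (no SPSSODescriptor) for the sample."""
    vals = "".join("<saml:AttributeValue> %s </saml:AttributeValue>" % v for v in values)
    return ('<md:EntityDescriptor entityID="%s"><md:Extensions><mdattr:EntityAttributes>'
            '<saml:Attribute Name="%s">%s</saml:Attribute></mdattr:EntityAttributes>'
            '</md:Extensions></md:EntityDescriptor>' % (entity_id, CATEGORY, vals))

# Constructed sample aggregate; entityIDs are placeholders, not real SPs.
SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%(md)s" xmlns:mdattr="%(mdattr)s" xmlns:saml="%(saml)s">'
          % NS + _sp("https://sp-both.example.org", [INCOMMON_RS, REFEDS_RS])
          + _sp("https://sp-legacy.example.org", [INCOMMON_RS])
          + _sp("https://sp-global.example.org", [REFEDS_RS]) + "</md:EntitiesDescriptor>")

if __name__ == "__main__":
    print(sp_states(SAMPLE))
    print("InCommon rule:", released_to(INCOMMON_RS, SAMPLE))
    print("REFEDS rule:  ", released_to(REFEDS_RS, SAMPLE))
```

An SP carrying both values matches either rule, an SP with only the InCommon value stops matching once the IdP switches, and an SP with only the REFEDS value matches only after the switch. When run against a real aggregate, verify the metadata signature before trusting its entity attributes.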
Once Phase II begins, the following wiki pages will need to be edited:
https://spaces.at.internet2.edu/x/-oKVAQ
https://spaces.at.internet2.edu/x/eQTvAQ