Migrating to REFEDS R&S Phase II
Browse a list of all current R&S SPs and IdPs
Report on Phase I
As of March 2, 2015, all but two (2) R&S SPs meet the requirements of REFEDS R&S; that is, 31 of 33 R&S SPs have a multivalued R&S entity attribute in metadata:
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<!-- multivalued entity attribute for R&S SPs -->
<saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="http://macedir.org/entity-category">
<saml:AttributeValue>
http://id.incommon.org/category/research-and-scholarship
</saml:AttributeValue>
<saml:AttributeValue>
http://refeds.org/category/research-and-scholarship
</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
One of the two remaining R&S SPs (Narada Metrics) has applied for REFEDS R&S. The other R&S SP (GPN/UM Dropoff Services) is non-responsive.
Outline of Phase II
Basic message: If you are an IdP operator that supports R&S, migrate to REFEDS R&S now! (reference needed)
R&S IdPs that migrate to REFEDS R&S will be automatically exported to eduGAIN once global R&S SPs have been imported into InCommon metadata.
Migration Process for Existing R&S IdPs
- Review the authoritative REFEDS Research & Scholarship Entity Category specification
Change your IdP's attribute release policy from this:
The configuration of an IdP that HAS NOT migrated to REFEDS R&S<afp:AttributeFilterPolicy id="releaseFullBundleToRandS"> <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/research-and-scholarship"/> <!-- attribute rules here --> </afp:AttributeFilterPolicy>to this:
The configuration of an IdP that HAS migrated to REFEDS R&S<afp:AttributeFilterPolicy id="releaseFullBundleToRandS"> <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/> <!-- attribute rules here --> </afp:AttributeFilterPolicy>The latter configuration recognizes the REFEDS R&S entity attribute value instead of the legacy InCommon R&S entity attribute value.
- Declare your ability to support REFEDS R&S by submitting a short form
That's all an existing R&S IdP has to do! When an R&S IdP migrates to REFEDS R&S (as above), the entity attribute in IdP metadata is changed from this:
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<!-- the InCommon entity attribute value for R&S IdPs -->
<saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="http://macedir.org/entity-category-support">
<saml:AttributeValue>
http://id.incommon.org/category/research-and-scholarship
</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
to this:
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
<!-- multivalued entity attribute for R&S IdPs -->
<saml:Attribute
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
Name="http://macedir.org/entity-category-support">
<saml:AttributeValue>
http://id.incommon.org/category/research-and-scholarship
</saml:AttributeValue>
<saml:AttributeValue>
http://refeds.org/category/research-and-scholarship
</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
Note, however, only the REFEDS R&S entity attribute value is exported to eduGAIN!
Exporting the R&S entity attribute
The InCommon R&S entity attribute value
http://id.incommon.org/category/research-and-scholarship
is not exported to eduGAIN. Only the REFEDS R&S entity attribute value
http://refeds.org/category/research-and-scholarship
is exported to eduGAIN!