
Migrating to REFEDS R&S Phase II

Outline of Phase II

Basic message: If you are an IdP operator that supports R&S, migrate to REFEDS R&S now! (reference needed)

R&S IdPs that migrate to REFEDS R&S will be automatically exported to eduGAIN once global R&S SPs have been imported into InCommon metadata.

Migration Process for Existing R&S IdPs

  1. Review the authoritative REFEDS Research & Scholarship Entity Category specification
  2. Change your IdP's attribute release policy from this:

    The configuration of an IdP that HAS NOT migrated to REFEDS R&S
    <afp:AttributeFilterPolicy id="releaseFullBundleToRandS">
    
      <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://id.incommon.org/category/research-and-scholarship"/>
    
      <!-- attribute rules here -->
    
    </afp:AttributeFilterPolicy>
    

    to this:

    The configuration of an IdP that HAS migrated to REFEDS R&S
    <afp:AttributeFilterPolicy id="releaseFullBundleToRandS">
    
      <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://refeds.org/category/research-and-scholarship"/>
    
      <!-- attribute rules here -->
    
    </afp:AttributeFilterPolicy>

    The latter configuration recognizes the REFEDS R&S entity attribute value instead of the legacy InCommon R&S entity attribute value.

  3. Declare your ability to support REFEDS R&S by submitting a short form

That's all an existing R&S IdP has to do! When an R&S IdP migrates to REFEDS R&S (as above), the entity attribute in IdP metadata is changed from this:

The entity attribute of an IdP that HAS NOT migrated to REFEDS R&S
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the InCommon entity attribute value for R&amp;S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

to this:

The entity attribute of an IdP that HAS migrated to REFEDS R&S
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&amp;S IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <saml:AttributeValue>
      http://id.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
    <saml:AttributeValue>
      http://refeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

Note, however, that only the REFEDS R&S entity attribute value is exported to eduGAIN!

Exporting the R&S entity attribute

The legacy InCommon R&S entity attribute value

http://id.incommon.org/category/research-and-scholarship

is not exported to eduGAIN. Only the REFEDS R&S entity attribute value

http://refeds.org/category/research-and-scholarship

is exported to eduGAIN!
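The following audit is an added example, not InCommon's or Shibboleth's own code. It cross-checks the two artifacts shown above: the category value the IdP's filter policy recognizes and the `entity-category-support` values declared in its metadata, plus which R&S value survives export to eduGAIN. The function names are hypothetical, the `afp` namespace URI is assumed to be the Shibboleth IdP v2 one (the page's fragments omit namespace declarations), and the sample documents are constructed from the page's fragments.

```python
import xml.etree.ElementTree as ET

AFP = "{urn:mace:shibboleth:2.0:afp}"  # assumed: Shibboleth IdP v2 filter namespace
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
CATEGORY = "http://macedir.org/entity-category"
SUPPORT = "http://macedir.org/entity-category-support"
REFEDS = "http://refeds.org/category/research-and-scholarship"

def policy_categories(filter_xml):
    """Entity-category values that the policy's exact-match rules recognize."""
    found = set()
    for rule in ET.fromstring(filter_xml).iter(AFP + "PolicyRequirementRule"):
        kind = rule.get(XSI_TYPE, "")
        if (kind.endswith("AttributeRequesterEntityAttributeExactMatch")
                and rule.get("attributeName") == CATEGORY):
            found.add(rule.get("attributeValue", "").strip())
    return found

def declared_support(metadata_xml):
    """entity-category-support values in IdP metadata, whitespace-trimmed."""
    found = set()
    for attr in ET.fromstring(metadata_xml).iter(SAML + "Attribute"):
        if attr.get("Name") == SUPPORT:
            found |= {(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")}
    return found - {""}

def audit(filter_xml, metadata_xml):
    """Compare what the IdP declares in metadata with what its policy honours."""
    policy, declared = policy_categories(filter_xml), declared_support(metadata_xml)
    return {
        "policy_migrated": REFEDS in policy,
        "declares_refeds": REFEDS in declared,
        # True when metadata and release policy disagree about REFEDS R&S.
        "mismatch": (REFEDS in declared) != (REFEDS in policy),
        # Per the page, only the REFEDS value is exported to eduGAIN.
        "exported_rs_values": sorted(declared & {REFEDS}),
    }

def sample_filter(value):  # constructed input modelled on the page's policy
    return ('<afp:AttributeFilterPolicy xmlns:afp="urn:mace:shibboleth:2.0:afp" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><afp:PolicyRequirementRule '
            'xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" '
            f'attributeName="{CATEGORY}" attributeValue="{value}"/></afp:AttributeFilterPolicy>')

def sample_metadata(*values):  # constructed; values whitespace-padded as on the page
    vals = "".join(f"<saml:AttributeValue>\n  {v}\n</saml:AttributeValue>" for v in values)
    return ('<mdattr:EntityAttributes xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
            'xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">'
            f'<saml:Attribute Name="{SUPPORT}">{vals}</saml:Attribute></mdattr:EntityAttributes>')
```

A `mismatch` of `True` flags an IdP whose metadata advertises REFEDS R&S support while its filter policy still matches only the legacy InCommon value, or the reverse.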

Decision Point for TAC

A dichotomy has been created for convenience, but of course a range of options is possible.

Option #1

  • Existing R&S IdPs have two choices:
    1. Recognize the REFEDS R&S entity attribute value (as described in the previous section)
    2. Do nothing
  • New R&S IdPs have two choices:
    1. Release attributes to all R&S SPs, including R&S SPs from other federations
    2. Release attributes to R&S SPs registered by InCommon
  • Messaging:
    • R&S IdPs that migrate to REFEDS R&S will be among the first IdPs exported to eduGAIN.
    • Only the REFEDS R&S entity attribute value will be exported to eduGAIN; in particular, the legacy InCommon R&S entity attribute value will not be exported to eduGAIN.
    • The legacy InCommon R&S entity attribute value will remain in InCommon metadata indefinitely.

Option #2

  • Existing R&S IdPs have two choices:
    1. Recognize the REFEDS R&S entity attribute value (as described in the previous section)
    2. Do nothing
  • New R&S IdPs have one choice:
    1. Release attributes to all R&S SPs, including R&S SPs from other federations
  • Messaging:
    • R&S IdPs that migrate to REFEDS R&S will be among the first IdPs exported to eduGAIN.
    • Only the REFEDS R&S entity attribute value will be exported to eduGAIN; in particular, the legacy InCommon R&S entity attribute value will not be exported to eduGAIN.
    • The legacy InCommon R&S entity attribute value will be completely removed from metadata at the end of June 2016.

 
