Browse a list of all current R&S SPs and IdPs
Migrating to REFEDS R&S Phase II
Outline of Phase II
Migrate to REFEDS R&S now!
If you are an IdP operator that supports R&S, migrate to REFEDS R&S now! (reference needed)
R&S IdPs that migrate to REFEDS R&S will be among the first IdPs exported to eduGAIN.
Migration Process for Existing R&S IdPs
- Review the authoritative REFEDS Research & Scholarship Entity Category specification
Change your IdP's attribute release policy from this:
The configuration of an IdP that HAS NOT migrated to REFEDS R&S<afp:AttributeFilterPolicy id="releaseFullBundleToRandS"> <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/research-and-scholarship"/> <!-- attribute rules here --> </afp:AttributeFilterPolicy>
to this:
The configuration of an IdP that HAS migrated to REFEDS R&S<afp:AttributeFilterPolicy id="releaseFullBundleToRandS"> <afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/> <!-- attribute rules here --> </afp:AttributeFilterPolicy>
The latter configuration recognizes the REFEDS R&S entity attribute value instead of the legacy InCommon R&S entity attribute value.
- Declare your ability to support REFEDS R&S by submitting a short form
That's all an existing R&S IdP has to do! When an R&S IdP migrates to REFEDS R&S (as above), the entity attribute in IdP metadata is changed from this:
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- the InCommon entity attribute value for R&S IdPs --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <saml:AttributeValue> http://id.incommon.org/category/research-and-scholarship </saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
to this:
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- multivalued entity attribute for R&S IdPs --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <saml:AttributeValue> http://id.incommon.org/category/research-and-scholarship </saml:AttributeValue> <saml:AttributeValue> http://refeds.org/category/research-and-scholarship </saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
Note, however, that only the REFEDS R&S entity attribute value is exported to eduGAIN!
Exporting the R&S entity attribute
The legacy InCommon R&S entity attribute value
http://id.incommon.org/category/research-and-scholarship
is not exported to eduGAIN. Only the REFEDS R&S entity attribute value
http://refeds.org/category/research-and-scholarship
is exported to eduGAIN!
Decision Point for TAC
A dichotomy has been created for convenience but of course a range of options is possible.
Option #1
- Existing R&S IdPs have two choices:
- Recognize the REFEDS R&S entity attribute value (as described in the previous section)
- Do nothing
- New R&S IdPs have two choices:
- Release attributes to all R&S SPs, including R&S SPs from other federations
- Release attributes to R&S SPs registered by InCommon
- Messaging:
- R&S IdPs that migrate to REFEDS R&S will be among the first IdPs exported to eduGAIN.
- Only the REFEDS R&S entity attribute value will be exported to eduGAIN; in particular, the legacy InCommon R&S entity attribute value will not be exported to eduGAIN.
- The legacy InCommon R&S entity attribute value will remain in InCommon metadata indefinitely.
Option #2
- Existing R&S IdPs have two choices:
- Recognize the REFEDS R&S entity attribute value (as described in the previous section)
- Do nothing
- New R&S IdPs have one choice:
- Release attributes to all R&S SPs, including R&S SPs from other federations
- Messaging:
- R&S IdPs that migrate to REFEDS R&S will be among the first IdPs exported to eduGAIN.
- Only the REFEDS R&S entity attribute value will be exported to eduGAIN; in particular, the legacy InCommon R&S entity attribute value will not be exported to eduGAIN.
- The legacy InCommon R&S entity attribute value will be completely removed from metadata at the end of June 2016.