Migrating to the Global Research & Scholarship Category
This topic is for existing Research & Scholarship (R&S) IdP operators. All R&S SPs in the InCommon Federation now meet the requirements of the REFEDS Research & Scholarship Entity Category specification, and therefore all of them have a multivalued R&S entity attribute in metadata. More importantly, InCommon will soon begin importing the metadata of R&S SPs from other federations, so now is the time for R&S IdP operators to begin thinking about their strategy for migrating to global R&S.
Basically, an existing R&S IdP operator has two options:
- Release attributes to all R&S SPs, including R&S SPs in other federations
- Release attributes to R&S SPs registered by InCommon only
These two options are discussed in the sections below.
Releasing Attributes to All R&S SPs
This section is for existing R&S IdPs that want to support global Research & Scholarship by releasing attributes to all R&S SPs, including R&S SPs in other federations.
Supporting the REFEDS R&S Entity Category
To support R&S globally, an existing R&S IdP follows this simple 3-step process:
- Review the authoritative REFEDS Research & Scholarship Entity Category specification
  - The requirements for an R&S SP have changed slightly (a gap analysis has been prepared for your convenience)
  - The requirements for an R&S IdP have not changed
- Configure your IdP to release attributes to all R&S SPs globally (see next section)
- Declare your IdP's ability to support global R&S by submitting a short form
Configuring an IdP to Release Attributes Globally
If you support R&S today, your IdP is probably configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value:
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/research-and-scholarship"/>
To support R&S globally, an R&S IdP should instead be configured with a policy rule that releases the R&S Attribute Bundle to all R&S SPs, including R&S SPs in other federations. An instance of Shibboleth IdP V2 is configured as follows:
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/>
Configure an instance of Shibboleth IdP V3 as follows:
<afp:PolicyRequirementRule xsi:type="saml:EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/>
For more detailed information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic.
Important! For both SPs and IdPs, only the refeds.org R&S entity attribute value is exported to eduGAIN:
Exporting the R&S entity attribute
The legacy incommon.org R&S entity attribute value http://id.incommon.org/category/research-and-scholarship is not exported to eduGAIN. Only the refeds.org R&S entity attribute value http://refeds.org/category/research-and-scholarship is exported to eduGAIN!
See the R&S Entity Metadata topic for details about entity attributes in metadata.
Releasing Attributes to R&S SPs Registered By InCommon
This section is for existing R&S IdPs that want to continue to release attributes to R&S SPs registered by InCommon.
Configuring an IdP to Release Attributes Locally
If you support R&S today, your IdP is probably configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value:
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/research-and-scholarship"/>
To retain your current attribute release policy without relying on the legacy incommon.org R&S entity attribute value, an instance of Shibboleth IdP V2 leverages the Registered By InCommon Category:
<afp:PolicyRequirementRule xsi:type="basic:AND">
    <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
</afp:PolicyRequirementRule>
An instance of Shibboleth IdP V3 leverages either the registered-by-incommon entity attribute (as above) or the <mdrpi:RegistrationInfo> element directly, as shown in the following example:
<afp:PolicyRequirementRule xsi:type="basic:AND">
    <basic:Rule xsi:type="saml:EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <basic:Rule xsi:type="saml:RegistrationAuthority" registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>
The registrars XML attribute takes a space-separated list of registrar IDs, and therefore the previous configuration is the most flexible.
For more information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic in the wiki.
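To check which SPs each of the policy rules on this page would match before changing the IdP, the following added example (not InCommon's or Shibboleth's own code) evaluates the legacy rule, the global rule, and the RegistrationAuthority variant of the InCommon-only rule against SAML metadata. The sample metadata is constructed: both entity IDs and the registrar `https://federation.example.org` are made up, and the function name `release_decisions` is hypothetical.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY = "http://macedir.org/entity-category"
LEGACY_RS = "http://id.incommon.org/category/research-and-scholarship"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"
INCOMMON = "https://incommon.org"
# Constructed sample: one SP registered by InCommon, one by another federation.
SAMPLE = f"""<md:EntitiesDescriptor xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
    xmlns:mdrpi="{NS['mdrpi']}" xmlns:saml="{NS['saml']}">
  <md:EntityDescriptor entityID="https://sp.example.edu/shibboleth">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="{INCOMMON}"/>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="{CATEGORY}">
          <saml:AttributeValue>{LEGACY_RS}</saml:AttributeValue>
          <saml:AttributeValue>{REFEDS_RS}</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.example.org/shibboleth">
    <md:Extensions>
      <mdrpi:RegistrationInfo registrationAuthority="https://federation.example.org"/>
      <mdattr:EntityAttributes>
        <saml:Attribute Name="{CATEGORY}">
          <saml:AttributeValue>{REFEDS_RS}</saml:AttributeValue>
        </saml:Attribute>
      </mdattr:EntityAttributes>
    </md:Extensions>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def release_decisions(metadata_xml):
    """Map each entityID to the policy rules on this page that would match it."""
    out = {}
    for ent in ET.fromstring(metadata_xml).iterfind(".//md:EntityDescriptor", NS):
        # Collect every value of the entity-category entity attribute.
        cats = {v.text.strip()
                for a in ent.iterfind("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
                if a.get("Name") == CATEGORY
                for v in a.iterfind("saml:AttributeValue", NS) if v.text}
        reg = ent.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        registrar = reg.get("registrationAuthority") if reg is not None else None
        rs = REFEDS_RS in cats
        out[ent.get("entityID")] = {"legacy": LEGACY_RS in cats, "global": rs,
                                    "incommon_only": rs and registrar == INCOMMON}
    return out
```

The SP registered by the other federation matches only the global rule, which is the difference between the two migration options.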