Migrating to the Global Research & Scholarship Category
This topic is for operators of existing Research & Scholarship (R&S) IdPs. All R&S SPs in the InCommon Federation now meet the requirements of the international REFEDS Research & Scholarship Entity Category specification and therefore all R&S SPs have a multivalued R&S entity attribute in InCommon metadata. More importantly, InCommon will begin importing the metadata of R&S SPs from other federations as soon as possible, so now is the time for R&S IdP operators to begin thinking about their migration strategy to global R&S.
Basically, the operator of an existing R&S IdP has two options:
- Release attributes to all R&S SPs, including R&S SPs in other federations
- Release attributes to R&S SPs registered by InCommon only
These two options are discussed in the sections below.
Your action is RECOMMENDED but NOT REQUIRED
Use of the Legacy R&S Tag
If you support R&S today, your IdP is probably configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value. For example:
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://id.incommon.org/category/research-and-scholarship"/>
Use of the incommon.org R&S tag in this manner is deprecated.
Use of the incommon.org R&S tag at the IdP is deprecated
Thus all R&S IdPs should be reconfigured to not rely on the legacy incommon.org R&S tag. Although we have no immediate plans to remove that tag from SP metadata, we reserve the right to do so in the future. We will of course let you know in advance if and when this happens but in the meantime we ask that you remove the legacy incommon.org R&S tag from your IdP configuration. Doing so now prevents you from having to do so later on.
Releasing Attributes to All R&S SPs
This section is for existing R&S IdPs that want to support global Research & Scholarship by releasing attributes to all R&S SPs, including R&S SPs in other federations.
Supporting the REFEDS R&S Entity Category
To support R&S globally, the operator of an existing R&S IdP follows this simple 3-step process:
- Review the authoritative REFEDS Research & Scholarship Entity Category specification
  - The requirements for an R&S SP have changed slightly (a gap analysis has been prepared for your convenience)
  - The requirements for an R&S IdP have not changed
- Configure your IdP to release attributes to all R&S SPs globally (see next section)
- Declare your IdP's ability to support global R&S by submitting a short form
Configuring an IdP to Release Attributes Globally
To support R&S globally, an R&S IdP should be configured with a policy rule that releases the R&S Attribute Bundle to all R&S SPs, including R&S SPs in other federations. An instance of Shibboleth IdP V2 may be configured as follows:
<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/>
Similarly, an instance of Shibboleth IdP V3 may be configured as follows:
<afp:PolicyRequirementRule xsi:type="saml:EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/>
Note that the above configurations recognize the refeds.org R&S entity attribute value. For more detailed information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic.
Important! For both SPs and IdPs, only the refeds.org R&S entity attribute value is exported to eduGAIN:
Exporting the R&S entity attribute
The legacy incommon.org R&S entity attribute value http://id.incommon.org/category/research-and-scholarship is not exported to eduGAIN. Only the refeds.org R&S entity attribute value http://refeds.org/category/research-and-scholarship is exported to eduGAIN!
See the R&S Entity Metadata topic for details about entity attributes in metadata.
Releasing Attributes to R&S SPs Registered By InCommon
This section is for existing R&S IdPs that want to continue to release attributes to R&S SPs registered by InCommon.
Configuring an IdP to Release Attributes Locally
To support R&S locally, an R&S IdP should be configured with a policy rule that releases the R&S Attribute Bundle to R&S SPs registered by InCommon. To do this without relying on the legacy incommon.org R&S tag, an instance of Shibboleth IdP V2 leverages the Registered By InCommon Category as follows:
<afp:PolicyRequirementRule xsi:type="basic:AND">
    <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
</afp:PolicyRequirementRule>
An instance of Shibboleth IdP V3 leverages either the registered-by-incommon entity attribute (as above) or the <mdrpi:RegistrationInfo> element in metadata directly, as shown in the following example:
<afp:PolicyRequirementRule xsi:type="basic:AND">
    <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <basic:Rule xsi:type="saml:RegistrationAuthority"
        registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>
The registrars XML attribute takes a space-separated list of registrar IDs and therefore the previous configuration is most flexible.
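Before switching rules, it helps to see which SPs in a metadata aggregate each rule would release to. The following is an added example, not part of the original topic or of InCommon's tooling: it evaluates the legacy, global, and local (V3 RegistrationAuthority form) rules against a constructed sample aggregate. The entityIDs, the second registrar ID, and the names `sample_sp` and `matching_rules` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CATEGORY = "http://macedir.org/entity-category"
LEGACY_RS = "http://id.incommon.org/category/research-and-scholarship"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"

def sample_sp(entity_id, authority, *categories):
    """Build one trimmed SP entry for the constructed sample aggregate."""
    values = "".join("<saml:AttributeValue>%s</saml:AttributeValue>" % c for c in categories)
    return ('<md:EntityDescriptor entityID="%s"><md:Extensions>'
            '<mdrpi:RegistrationInfo registrationAuthority="%s"/>'
            '<mdattr:EntityAttributes><saml:Attribute Name="%s">%s</saml:Attribute>'
            '</mdattr:EntityAttributes></md:Extensions><md:SPSSODescriptor/>'
            '</md:EntityDescriptor>' % (entity_id, authority, CATEGORY, values))

# Constructed sample: entityIDs and the second registrar ID are made up.
SAMPLE = "<md:EntitiesDescriptor %s>%s</md:EntitiesDescriptor>" % (
    " ".join('xmlns:%s="%s"' % item for item in NS.items()),
    sample_sp("https://sp1.example.edu/shibboleth", "https://incommon.org", LEGACY_RS, REFEDS_RS)
    + sample_sp("https://sp2.example.org/shibboleth", "https://federation.example.org", REFEDS_RS)
    + sample_sp("https://sp3.example.edu/shibboleth", "https://incommon.org"))

def matching_rules(metadata_xml, registrars="https://incommon.org"):
    """Map each SP entityID to the set of release rules on this page it satisfies."""
    allowed = set(registrars.split())  # space-separated, like the registrars XML attribute
    result = {}
    for entity in ET.fromstring(metadata_xml).iter("{%s}EntityDescriptor" % NS["md"]):
        if entity.find("md:SPSSODescriptor", NS) is None:
            continue  # only SPs are attribute requesters
        categories = set()
        for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
            if attr.get("Name") == CATEGORY:
                categories.update((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
        info = entity.find("md:Extensions/mdrpi:RegistrationInfo", NS)
        authority = info.get("registrationAuthority") if info is not None else None
        rules = set()
        if LEGACY_RS in categories:
            rules.add("legacy")           # deprecated incommon.org tag
        if REFEDS_RS in categories:
            rules.add("global")           # refeds.org tag, any federation
            if authority in allowed:
                rules.add("local")        # refeds.org tag AND listed registrar
        result[entity.get("entityID")] = rules
    return result

if __name__ == "__main__":
    for entity_id, rules in matching_rules(SAMPLE).items():
        print(entity_id, sorted(rules) or "no release")
```

Passing a longer space-separated string as `registrars` shows how widening that list moves SPs from the global-only set into the local set.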
For more information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic in the wiki.