Migrating an SP to the Global Research and Scholarship Category

This topic is for owners of existing Research & Scholarship (R&S) SPs.

Existing R&S IdPs in the InCommon Federation are currently in the process of migrating to global R&S. New R&S IdPs will be encouraged to support global R&S as well. More importantly, InCommon will soon begin importing the metadata of R&S IdPs from other federations. In anticipation of these events, existing R&S SP owners should begin to develop a migration strategy to global R&S.

All R&S SPs in the InCommon Federation now meet the requirements of the international REFEDS Research & Scholarship Entity Category specification and therefore all R&S SPs have a multivalued R&S entity attribute in InCommon metadata. In that sense, all R&S SPs have successfully migrated to global R&S. However, if an R&S SP depends on the R&S entity attribute in IdP metadata, then additional migration steps are required since the entity attributes in IdP metadata will change as IdPs declare their support for global R&S.

For example, a small number of R&S SPs are known to filter IdP metadata such that R&S IdPs are the only IdPs exposed on the SP's discovery interface. Such an SP is dependent upon the R&S entity attribute in IdP metadata.

If your SP deployment depends on the R&S entity attribute in IdP metadata, please read on. Otherwise there is nothing further you need to do.

An SP deployment that depends on the R&S entity attribute in IdP metadata almost certainly recognizes the legacy incommon.org R&S entity attribute value:

http://id.incommon.org/category/research-and-scholarship

Such an SP may also want to recognize the refeds.org R&S entity attribute value

http://refeds.org/category/research-and-scholarship

since IdPs that support global R&S will necessarily carry the latter in their metadata. Indeed, R&S IdPs from other federations will carry the refeds.org R&S tag exclusively.

An R&S IdP carries a single-valued entity attribute in its metadata

An R&S IdP will carry either the incommon.org R&S tag or the refeds.org R&S tag, but not both. An SP that depends on the R&S entity attribute in IdP metadata must take this fact into account.

For example, a Shibboleth SP that restricts its discovery interface to R&S IdPs might configure the following:

A Shib configuration that recognizes an R&S entity attribute in IdP metadata

<!--
    The following MetadataProvider attempts to refresh the 
    InCommon production metadata aggregate every hour.
-->
<MetadataProvider type="XML"
    url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
    backingFilePath="InCommon-metadata.xml" maxRefreshDelay="3600"
    legacyOrgNames="true">

  <!-- Verify the signature on the metadata file -->
  <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>

  <!--
      Require a validUntil XML attribute on the EntitiesDescriptor element
      and make sure its value is no more than 14 days into the future
  -->
  <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>

  <!--
      As the refeds.org R&S tag becomes more prevalent, the
      order of the attributes should be reversed for efficiency.
  -->
  <MetadataFilter type="Whitelist" matcher="EntityAttributes">
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
  </MetadataFilter>

</MetadataProvider>

Child pages

Migrating an SP to Global Research and Scholarship

Migrating an SP to the Global Research and Scholarship Category