This article describes the mechanics of tagging an entity in SAML metadata. See Research and Scholarship category for an introduction.
To register your entity for Research and Scholarship (R&S) category, see:
For identity provider
Support Research and Scholarship category in identity provider
For service provider
Apply for Research and Scholarship category for service provider
The http://refeds.org/category/research-and-scholarship entity attribute expresses qualification or support for the Research & Scholarship (R&S) entity category for service providers (SPs) and identity providers (IdPs) in SAML metadata. Because of the semantic differences (an IdP "supports" R&S, whereas an SP "qualifies" for R&S), the entity attribute is placed in slightly different places in the metadata:
A service provider satisfying the requirements of the REFEDS R&S entity category qualifies for, or is a member of, the Research and Scholarship entity category. In SAML metadata, this is expressed by adding a <saml:Attribute> name-value pair with the attribute name of http://macedir.org/entity-category and attribute value of http://refeds.org/category/research-and-scholarship to the SP's metadata.
The semantics of entity attribute names are specified in The Entity Category SAML Entity Metadata Attribute Type (draft-macedir-entity-attribute-00.xml).
For backwards compatibility, an R&S SP also carries the legacy InCommon-only R&S entity attribute value (http://id.incommon.org/category/research-and-scholarship). Every InCommon registered R&S SP has the following multivalued entity attribute in metadata:

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- multivalued entity attribute for R&S SPs -->
  <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category">
    <!-- the incommon.org R&S entity attribute value -->
    <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
    <!-- the refeds.org R&S entity attribute value -->
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
In addition to being deprecated, the |
The InCommon Federation operator is the registration authority responsible for tagging qualifying SPs with the R&S entity attribute. Other than qualifying and applying for the Research and Scholarship category for service providers, there is nothing an SP operator needs to do to manage this entity attribute.
An identity provider (IdP) satisfying the requirements of the REFEDS R&S entity category is said to "support" the Research and Scholarship entity category. In SAML metadata, this is expressed by adding a <saml:Attribute> name-value pair with the attribute name of http://macedir.org/entity-category-support and attribute value of http://refeds.org/category/research-and-scholarship to the IdP's metadata.
An IdP asserting the REFEDS R&S entity attribute value agrees to release the R&S attribute bundle to all R&S SPs, including R&S SPs in other federations.

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&S SPs globally -->
  <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the refeds.org R&S entity attribute value -->
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
A deprecated, InCommon-only R&S entity attribute value (http://id.incommon.org/category/research-and-scholarship) expresses similar support for R&S attribute release, but only to R&S SPs registered by InCommon.

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&S SPs registered by InCommon -->
  <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the incommon.org R&S entity attribute value -->
    <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>
Although it is exported to eduGAIN in an IdP's metadata, the InCommon-only R&S entity attribute value has no recognized meaning outside the InCommon Federation. Only IdPs that release attributes to all R&S SPs globally and are tagged with the REFEDS R&S entity attribute value are recognized as R&S IdPs by the international R&E community.
The R&S entity attribute in IdP metadata is single-valued, which means an IdP can only support one R&S entity attribute value (either REFEDS or InCommon-only) at a time. This decision affects service providers.
An SP that depends on the R&S entity attribute in IdP metadata must take into account the fact that an R&S IdP will carry either the InCommon-only R&S entity attribute or the REFEDS R&S entity attribute but not both.
To maintain backward compatibility during the transition to the global (REFEDS) R&S entity attribute, the InCommon Federation automatically tags its registered R&S SPs with both values, so that an InCommon-registered R&S SP automatically receives attributes from either type of R&S IdP.
In other words, if an SP deployment is configured to recognize the incommon.org R&S tag in IdP metadata, it should be configured to recognize the refeds.org R&S tag as well.
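The following is an added example, not code from InCommon or REFEDS: an SP-side check that reads the entity-category-support attribute from IdP metadata and accepts either R&S tag, as the paragraphs above recommend. The entityIDs and the trimmed sample aggregate are constructed, and the example assumes the metadata signature has already been verified before any tag is trusted.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUPPORT = "http://macedir.org/entity-category-support"   # attribute name in IdP metadata
CATEGORY = "http://macedir.org/entity-category"          # attribute name in SP metadata
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"
INCOMMON_RS = "http://id.incommon.org/category/research-and-scholarship"

def entity_attribute_values(entity, name):
    """Whitespace-stripped values of the entity attribute with this exact Name."""
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    return {(v.text or "").strip()
            for a in entity.iterfind(path, NS) if a.get("Name") == name
            for v in a.iterfind("saml:AttributeValue", NS)}

def idp_rs_scope(entity):
    """'global' (REFEDS tag), 'incommon-only' (legacy tag) or None."""
    support = entity_attribute_values(entity, SUPPORT)
    if REFEDS_RS in support:
        return "global"
    return "incommon-only" if INCOMMON_RS in support else None

def classify_idps(metadata_xml):
    """Map entityID -> R&S scope for each IdP (signature assumed verified)."""
    root = ET.fromstring(metadata_xml)
    return {e.get("entityID"): idp_rs_scope(e)
            for e in root.iter("{%s}EntityDescriptor" % NS["md"])
            if e.find("md:IDPSSODescriptor", NS) is not None}

def rs_idps(metadata_xml, recognized=("global", "incommon-only")):
    """entityIDs an SP treats as R&S IdPs, given the scopes it recognizes."""
    return sorted(eid for eid, scope in classify_idps(metadata_xml).items()
                  if scope in recognized)

# Constructed, trimmed sample aggregate; entityIDs are placeholders.
def _entity(entity_id, role, name, *values):
    vals = "".join("<saml:AttributeValue> %s </saml:AttributeValue>" % v for v in values)
    return ('<md:EntityDescriptor entityID="%s"><md:Extensions><mdattr:EntityAttributes>'
            '<saml:Attribute Name="%s">%s</saml:Attribute></mdattr:EntityAttributes>'
            '</md:Extensions><md:%s/></md:EntityDescriptor>' % (entity_id, name, vals, role))

SAMPLE = ('<md:EntitiesDescriptor xmlns:md="%(md)s" xmlns:mdattr="%(mdattr)s" xmlns:saml="%(saml)s">' % NS
          + _entity("https://idp.global.example/idp", "IDPSSODescriptor", SUPPORT, REFEDS_RS)
          + _entity("https://idp.legacy.example/idp", "IDPSSODescriptor", SUPPORT, INCOMMON_RS)
          + _entity("https://idp.mistagged.example/idp", "IDPSSODescriptor", CATEGORY, REFEDS_RS)
          + _entity("https://sp.example/sp", "SPSSODescriptor", CATEGORY, INCOMMON_RS, REFEDS_RS)
          + '</md:EntitiesDescriptor>')
```

An SP that recognizes only the legacy scope, rs_idps(SAMPLE, ("incommon-only",)), misses the globally tagged IdP, and the IdP that carries the R&S value under entity-category instead of entity-category-support is not counted as supporting R&S at all.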
The IdP owner is authoritative for the R&S entity attribute. An IdP indicates its willingness and ability to support R&S by following the steps outlined in Identity provider - support Research and Scholarship.
The Entity Category SAML Entity Metadata Attribute Type (draft-macedir-entity-attribute-00.xml)
REFEDS Research and Scholarship entity category specification
Identity provider - support Research and Scholarship
Service provider - apply for Research and Scholarship category
Comparing REFEDS and InCommon-only R and S categories