Migrating to the Global Research & Scholarship Category

This topic is for existing Research & Scholarship (R&S) IdP operators. All R&S SPs in the InCommon Federation now meet the requirements of the REFEDS R&S Entity Category specification and therefore every R&S SP has a multivalued R&S entity attribute in metadata. More importantly, InCommon will soon begin importing the metadata of R&S SPs from other federations, so now is the time for R&S IdP operators to begin thinking about their migration strategy to global R&S.

Basically, an existing R&S IdP operator has two options:

  1. Release attributes to all R&S SPs, including R&S SPs from other federations
  2. Release attributes to R&S SPs registered by InCommon only

These two options are discussed in the sections below.

Contents

Releasing Attributes to All R&S Sps

This section is for existing R&S IdPs that want to support global Research & Scholarship by releasing attributes to all R&S SPs, including R&S SPs in other federations.

Supporting the REFEDS R&S Entity Category

To support R&S globally, an existing R&S IdP follows this simple 3-step process:

  1. Review the authoritative REFEDS Research & Scholarship Entity Category specification
    1. The requirements for an R&S IdP have not changed
    2. The requirements for an R&S SP have changed slightly (a gap analysis has been prepared for your convenience)
  2. Configure your IdP to release attributes to all R&S SPs globally (see next section)
  3. Declare your IdP's ability to support global R&S by submitting a short form
An IdP that releases attributes to all R&S SPs will be among the first group of InCommon IdPs whose metadata is exported to eduGAIN.

Configuring an IdP to Release Attributes Globally

Most of the Research & Scholarship (R&S) IdPs in the InCommon Federation are configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value:

<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

To support R&S globally, an R&S IdP should instead be configured with a policy that releases the R&S Attribute Bundle to all R&S SPs, including R&S SPs in other federations:

<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://refeds.org/category/research-and-scholarship"/>
 
<!-- for Shib IdP V3, use type saml:EntityAttributeExactMatch instead -->

For more detailed information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic.

To facilitate the migration process suggested by the previous configurations, all R&S SPs registered by InCommon now have a multivalued R&S entity attribute in metadata.

Important! For both SPs and IdPs, only the refeds.org R&S entity attribute value is exported to eduGAIN:

The legacy incommon.org R&S entity attribute value

http://id.incommon.org/category/research-and-scholarship

is not exported to eduGAIN. Only the refeds.org R&S entity attribute value

http://refeds.org/category/research-and-scholarship

is exported to eduGAIN!

See the R&S Entity Metadata topic for details about entity attributes in metadata.

Releasing Attributes to R&S SPs Registered By InCommon

This section is for existing R&S IdPs that want to continue to release attributes to R&S SPs registered by InCommon.

Configuring an IdP to Release Attributes Locally

Most of the Research & Scholarship (R&S) IdPs in the InCommon Federation are configured with a policy rule that releases attributes to R&S SPs tagged with the legacy incommon.org R&S entity attribute value:

<afp:PolicyRequirementRule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
    attributeName="http://macedir.org/entity-category"
    attributeValue="http://id.incommon.org/category/research-and-scholarship"/>

An instance of Shibboleth IdP V2 leverages the Registered By InCommon Category to retain its current attribute release policy without relying on the legacy InCommon R&S entity attribute value:

<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:AttributeRequesterEntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
</afp:PolicyRequirementRule>

An instance of Shibboleth IdP V3 leverages either the registered-by-incommon entity attribute (as above) or the <mdrpi:RegistrationInfo> element directly, as shown in the following example:

<afp:PolicyRequirementRule xsi:type="basic:AND">
  <basic:Rule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>
  <basic:Rule xsi:type="saml:RegistrationAuthority"
      registrars="https://incommon.org"/>
</afp:PolicyRequirementRule>

For more information about configuring an IdP for R&S, consult the R&S Attribute Bundle Config topic in the wiki.