Migrating an SP to the Global Research and Scholarship Category

This topic is for owners of existing Research & Scholarship (R&S) SPs.

Existing R&S IdPs in the InCommon Federation are currently in the process of migrating to global R&S. New R&S IdPs will be encouraged to support global R&S as well. More importantly, InCommon will soon begin importing the metadata of R&S IdPs from other federations. In anticipation of these events, existing R&S SP owners should begin to develop a migration strategy to global R&S.

All R&S SPs in the InCommon Federation now meet the requirements of the international REFEDS Research & Scholarship Entity Category specification and therefore all R&S SPs have a multivalued R&S entity attribute in InCommon metadata. In that sense, all R&S SPs have successfully migrated to global R&S. However, if an R&S SP depends on the R&S entity attribute in IdP metadata, then additional migration steps are required since the entity attributes in IdP metadata will change as IdPs declare their support for global R&S.

For example, a small number of R&S SPs are known to filter IdP metadata such that R&S IdPs are the only IdPs exposed on the SP's discovery interface. Such an SP is dependent upon the R&S entity attribute in IdP metadata.

If your SP deployment depends on the R&S entity attribute in IdP metadata, please read on. Otherwise there is nothing further you need to do.

An SP deployment that depends on the R&S entity attribute in IdP metadata almost certainly recognizes the legacy incommon.org R&S entity attribute value:

http://id.incommon.org/category/research-and-scholarship

Such an SP may also want to recognize the refeds.org R&S entity attribute value

http://refeds.org/category/research-and-scholarship

since IdPs that support global R&S will necessarily carry the latter in their metadata. Indeed, R&S IdPs from other federations will carry the refeds.org R&S tag exclusively.

An R&S IdP will carry either the incommon.org R&S tag or the refeds.org R&S tag, but not both. An SP that depends on the R&S entity attribute in IdP metadata must take this fact into account.

For example, a Shibboleth SP that restricts its discovery interface to R&S IdPs might configure the following:

<!--
    The following MetadataProvider attempts to refresh the 
    InCommon production metadata aggregate every hour.
-->
<MetadataProvider type="XML"
    url="http://md.incommon.org/InCommon/InCommon-metadata.xml"
    backingFilePath="InCommon-metadata.xml" maxRefreshDelay="3600"
    legacyOrgNames="true">

  <!-- Verify the signature on the metadata file -->
  <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/>

  <!--
      Require a validUntil XML attribute on the EntitiesDescriptor element
      and make sure its value is no more than 14 days into the future
  -->
  <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/>

  <!--
      As the refeds.org R&S tag becomes more prevalent, the
      order of the attributes should be reversed for efficiency.
  -->
  <MetadataFilter type="Whitelist" matcher="EntityAttributes">
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute
        Name="http://macedir.org/entity-category-support"
        NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
      <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
    </saml:Attribute>
  </MetadataFilter>

</MetadataProvider>
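
The following audit script is an added example, not part of the original page or of Shibboleth. It shows which IdPs a discovery interface would expose when a filter recognizes only the legacy incommon.org tag versus both tags. The aggregate, the example.org entityIDs and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUPPORT = "http://macedir.org/entity-category-support"
LEGACY = "http://id.incommon.org/category/research-and-scholarship"
REFEDS = "http://refeds.org/category/research-and-scholarship"

def _entity(entity_id, role, tag=None):
    """Build one constructed EntityDescriptor (sample data, not real metadata)."""
    ext = ""
    if tag:
        ext = ("<md:Extensions><mdattr:EntityAttributes>"
               f'<saml:Attribute Name="{SUPPORT}">'
               f"<saml:AttributeValue>{tag}</saml:AttributeValue>"
               "</saml:Attribute></mdattr:EntityAttributes></md:Extensions>")
    return f'<md:EntityDescriptor entityID="{entity_id}">{ext}<md:{role}/></md:EntityDescriptor>'

# Constructed aggregate: placeholder entityIDs under example.org.
SAMPLE = ("<md:EntitiesDescriptor "
          + " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">"
          + _entity("https://idp.legacy.example.org/idp", "IDPSSODescriptor", LEGACY)
          + _entity("https://idp.global.example.org/idp", "IDPSSODescriptor", REFEDS)
          + _entity("https://idp.plain.example.org/idp", "IDPSSODescriptor")
          + _entity("https://sp.example.org/sp", "SPSSODescriptor")
          + "</md:EntitiesDescriptor>")

def support_tags(entity):
    """Values of the entity-category-support attribute declared by one entity."""
    attrs = entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS)
    return {(v.text or "").strip()
            for a in attrs if a.get("Name") == SUPPORT
            for v in a.findall("saml:AttributeValue", NS)}

def exposed_idps(aggregate_xml, accepted):
    """entityIDs of IdPs that declare support for at least one accepted tag."""
    root = ET.fromstring(aggregate_xml)
    return [e.get("entityID")
            for e in root.iter(f"{{{NS['md']}}}EntityDescriptor")
            if e.find("md:IDPSSODescriptor", NS) is not None
            and support_tags(e) & set(accepted)]

def lost_without_refeds(aggregate_xml):
    """R&S IdPs that a filter recognizing only the legacy tag would hide."""
    legacy_only = set(exposed_idps(aggregate_xml, {LEGACY}))
    return [i for i in exposed_idps(aggregate_xml, {LEGACY, REFEDS})
            if i not in legacy_only]

if __name__ == "__main__":
    print("legacy tag only:", exposed_idps(SAMPLE, {LEGACY}))
    print("both tags      :", exposed_idps(SAMPLE, {LEGACY, REFEDS}))
    print("hidden IdPs    :", lost_without_refeds(SAMPLE))
```

To audit a real aggregate, pass the contents of a file whose signature has already been verified, such as the backing file written by the MetadataProvider above.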