Versions Compared

Comment: Reordered IdP text and added note about affiliation.

...

Service Providers SHOULD limit their data requirements to the bundle of attributes defined in Section 5, but MAY negotiate for additional data as required via mechanisms that are outside the scope of this specification.

 

Service Providers are strongly encouraged to support all of the alternative formulations for the shared user identifier and person name attributes described in Section 5 to maximize interoperability. Failure to do so will result in problems even when working exclusively with Identity Providers that claim support for the category.

TBD: A note here related to the reassignment issue? I don't have specific text in mind, but this seems like a place a brief discussion on it could go.

7. Identity Provider Attribute Release

Identity Providers are strongly encouraged to release the entire attribute bundle (both required and optional attributes) defined in Section 5 to R&S category Service Providers.

An Identity Provider indicates support for the R&S Category by exhibiting the R&S entity attribute in its metadata. Such an Identity Provider MUST, for a significant subset of its user population, release all required attributes in the bundle defined in Section 5 to all R&S Service Providers without administrative involvement by any party, either automatically or subject to user consent.
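
Review bot: the "TBD" paragraph at the end of the Service Provider section is still a first-person editorial placeholder sitting in the specification text just before Section 7. Replace it with the intended wording on the reassignment issue, or move it to a tracked open item so it does not ship as part of the section. Separately, "a significant subset of its user population" in the MUST of Section 7 gives no threshold that an implementer or federation operator could test; a short definition, or a pointer to where one exists, would make a claim of support checkable.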

...

An Identity Provider that releases a smaller subset does not support all of the required elements of the R&S attribute bundle, for any reason, SHALL NOT claim support for this category; that is, the Identity Provider SHALL NOT exhibit the R&S entity attribute in its metadata. Exceptions for specific Service Providers may apply in the event of a security incident or other isolated circumstances.

Identity Providers are strongly encouraged to release the entire attribute bundle (both required and optional attributes) defined in Section 5 to R&S category Service Providers, both to maximize interoperability and the scope of supported services. The only optional data element is affiliation, which while different in nature to the rest of the bundle, is important to many R&S services and is a particular differentiator for academic organizations.

8. Examples

A Service Provider that conforms to R&S would exhibit the following EntityAttribute in SAML metadata:
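
Review bot: in the SHALL NOT paragraph of Section 7, "for any reason" is followed immediately by "Exceptions for specific Service Providers may apply", so the text rules out exceptions and then allows them. State which takes precedence, for example by saying what an exception covers and that it does not change whether the Identity Provider may exhibit the entity attribute. The opening of the same sentence, "that releases a smaller subset does not support all of the required elements", runs two predicates together, so the intended wording should be confirmed. In the affiliation sentence, "both to maximize interoperability and the scope of supported services" is not parallel, and "different in nature to" reads better as "different in nature from".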

...