...
As a federation, you should be satisfied that the release of personal data is an essential part of the operation of the service (and not purely to activate added features) and that the service in question, whether commercial or not, exists to support research and scholarship as a primary function.
Things
Services that should not be included in this category include:
- e-Journal, ebook or other data access, where content can may be accessed based on a users affiliation without a need for the SP to receive personal information.
- Services selling products or offering discounts to staff or students based on their affiliation.
What
...
attributes should be released as part of R&S?
The Research & Scholarship specification defines a bundles of attributes that Identity Providers are encouraged to release to R&S services:
...
Service Providers should only request attributes that the service actually uses, so for example if email address is not required by the service it should not be requested. The The specification does not explicitly prevent Service Providers from requesting attributes outside the R&S attribute bundle but the expectation is that they should not. RR&S works optimally best for both Identity Providers and Service Providers when the bundle is treated as the maximum maximal set of attributes requested. Service Service Providers requiring more unique / bespoke attribute bundles should talk to the REFEDS community.
...