...

An important characteristic of collaborative tools and services is that they require the user’s name to function effectively. Hence, the R&S attribute bundle includes a name-based identifier (eduPersonPrincipalName) and person name as essential attributes. The user’s email address is also included in the bundle, to facilitate communication among the users of the service and between the service and its users.

 

What exactly is meant by a "production SAML deployment"?

...

The following REFEDS R&S requirement: 

4.3.1 The Service Provider is a production SAML deployment that supports SAML V2.0 HTTP-POST binding.

...

may be interpreted as the following pair of requirements: 

  • The Service Provider supports standard SAML V2.0 Web Browser SSO. In particular, the Service Provider has an endpoint in metadata that supports the SAML V2.0 HTTP-POST binding.

  • The Service Provider is a production deployment or one of a group of services that together comprise a production deployment.

...

The latter includes dev and/or staging instances of the overall Service Provider deployment.

Are SPs allowed to request attributes other than ... R&S attributes?

Service Providers should only request attributes that the service actually uses; for example, if email address is not required by the service, it should not be requested. The specification does not explicitly prevent Service Providers from requesting attributes outside the R&S attribute bundle but strongly suggests that they do not ("Service Providers SHOULD request a subset of R&S Category Attributes", section 5 of the specification). R&S works best for both Identity Providers and Service Providers when the bundle is treated as the maximal set of attributes requested.
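As an added illustration (not part of the original FAQ or of the REFEDS specification), the following Python example checks an SP's metadata for the two points discussed above: an AssertionConsumerService endpoint with the SAML V2.0 HTTP-POST binding, and requested attributes that fall outside the R&S bundle. The sample metadata, its entityID and the function name `check_sp` are constructed for this example; the attribute OIDs are the R&S bundle as listed in the R&S specification, not on this page.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
SAML2_PROTOCOL = "urn:oasis:names:tc:SAML:2.0:protocol"

# R&S attribute bundle as SAML attribute names (urn:oid form), taken from the
# REFEDS R&S specification rather than from this page.
RS_BUNDLE = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
}

# Constructed sample: one POST endpoint, two bundle attributes, one extra.
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sp.example.org/sp">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="1" Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://sp.example.org/acs"/>
    <md:AttributeConsumingService index="1">
      <md:ServiceName xml:lang="en">Example wiki</md:ServiceName>
      <md:RequestedAttribute Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"/>
      <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3"/>
      <md:RequestedAttribute Name="urn:oid:2.5.4.20"/> <!-- telephoneNumber -->
    </md:AttributeConsumingService>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def check_sp(metadata_xml):
    """Return (has_post_endpoint, attribute names requested outside the bundle)."""
    # ElementTree is fine for this constructed sample; metadata from outside
    # needs signature verification and a hardened XML parser first.
    root = ET.fromstring(metadata_xml)
    has_post, extra = False, []
    for sp in root.iter("{%s}SPSSODescriptor" % NS["md"]):
        if SAML2_PROTOCOL not in sp.get("protocolSupportEnumeration", "").split():
            continue  # not a SAML V2.0 role descriptor
        for acs in sp.findall("md:AssertionConsumerService", NS):
            if acs.get("Binding") == HTTP_POST:
                has_post = True
        for ra in sp.findall("md:AttributeConsumingService/md:RequestedAttribute", NS):
            if ra.get("Name") not in RS_BUNDLE:
                extra.append(ra.get("Name"))
    return has_post, extra

if __name__ == "__main__":
    print(check_sp(SAMPLE_SP))
```

An empty second element means the SP treats the bundle as the maximal set; a non-empty one lists the names to review with the SP operator.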

...