"Research and Scholarship" Entity Category FAQ
Where is the official Research and Scholarship definition?
The formal, approved definition of the REFEDS Research and Scholarship (R&S) Entity Category is published on the REFEDS website. (Note that the URI value of the REFEDS entity attribute resolves to the R&S specification.)
What type of resources do you consider "research and scholarship"?
The category definition says that:
Candidates for the Research and Scholarship (R&S) Category are Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part.
Example Service Providers may include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals.
Broadly this means that R&S is intended for platforms and services used by researchers where some sort of collaboration, discussion or interaction is required, making the release of personally identifiable information necessary for the service to work properly. Think about issues like:
- Is it necessary for a name to be displayed in order for work to be attributed to the user or to show them as the contributor?
- Is it necessary for a service to have a user's email address for correspondence such as updates about a grant application? (optional services such as alerting systems that are not part of the core offering would not be considered a good reason for R&S membership).
As a federation, you should be satisfied that the release of personal data is an essential part of the operation of the service (and not purely to activate added features) and that the service in question, whether commercial or not, exists to support research and scholarship as a primary function.
Services that should not be included in this category include:
- e-Journal, ebook or other data access, where content may be accessed based on a users affiliation without a need for personal information
- Services selling products or offering discounts to staff or students based on their affiliation
What attributes should be released as part of R&S?
The Research & Scholarship specification defines a bundles of attributes that Identity Providers are encouraged to release to R&S services:
- personal identifiers: email address, person name, eduPersonPrincipalName
- pseudonymous identifier: eduPersonTargetedID
- affiliation: eduPersonScopedAffiliation
Category support is defined as follows:
An Identity Provider supports the R&S Category if for some subset of the Identity Provider's user population, the Identity Provider releases a minimal subset of the R&S attribute bundle to R&S Service Providers without administrative involvement, either automatically or subject to user consent.
See section 6 of the R&S Entity Category specification for a precise definition of the minimal subset of the R&S attribute bundle.
Are Service Providers allowed to request other attributes?
Service Providers should only request attributes that the service actually uses, so for example if email address is not required by the service it should not be requested. The specification does not explicitly prevent Service Providers from requesting attributes outside the R&S attribute bundle but the expectation is that they should not. R&S works best for both Identity Providers and Service Providers when the bundle is treated as the maximal set of attributes requested. Service Providers requiring more unique / bespoke attribute bundles should talk to the REFEDS community.
What exactly is meant by a "production SAML deployment?"
The following REFEDS R&S requirement:
4.3.1 The Service Provider is a production SAML deployment that supports SAML V2.0 HTTP-POST binding.
may be interpreted as the following pair of requirements:
- The Service Provider supports standard SAML V2.0 Web Browser SSO. In particular, the Service Provider has an endpoint in metadata that supports the SAML V2.0 HTTP-POST binding.
- The Service Provider is a production deployment or one of a group of services that together comprise a production deployment.
The latter includes dev and/or staging instances of the overall Service Provider deployment.