Overview
The REFEDS Steering Committee has approved the launch of a consultation on the adoption of the Academic Institution Entity Category by REFEDS. This updates and improves on a previous proposal for an Academia Entity Category.
The Consultation starts on 24th November 2017 and closes on 8th January 2018 (17:00 CET). Participants are invited to review the full text and make change proposals in the table below, via issues on the github repository or by email to the REFEDS Coordinators and to express their support / dissension for the category. It is recommended that you also read the prepared notes on the original proposal and the previous consultation. Discussion is invited at: consultations@lists.refeds.org.
The main changes in the new proposal are:
- Definition as Academic Institution rather than Academia.
- Lower ISCED to level 5.
- Introduced research hospitals.
- Introduced a registration criteria section.
- Better linking to affiliation statements.
The proposed text for the category is available at: https://github.com/leifj/academia-category/blob/master/academia-entity-category.md.
The notes are available at: Academic-Academia.
All comments should be made on: consultations@lists.refeds.org or added to the change log below. Comments posted to other lists will not be included in the consultation review.
Statements of Support / Dissension
As this category has been contentious in the community, we are asking for organisations to express their support or dissension below to allow us to gauge the appropriateness of REFEDS adopting this approach.
| Name | Organisation | Reason |
|---|---|---|
Change Log
Change Log for the Consultation on the Academia Entity Category. The Consultation starts on 20th November 2017 and closes on 8th January 2018 (17:00 CET). Please fill in your proposed changes to Academia Category below or add them as issues on the github repository.
Number | Current Text | Proposed Text / Query | Proposer | Action |
|---|---|---|---|---|
| 1 | 5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute. | Should this imply to release this attribute *always* to *all SPs*, including to publishers that are happy with only 'common-lib-terms'? Why should just the IdPs need to do something and not the SPs? | Thomas Lenggenhager (SWITCH) | https://github.com/leifj/academia-category/issues/26 Change to make the registration criteria "the Identity Provider commits to releasing appropriate required attributes to Service Providers". Pull request submitted. |
| 2 | http://refeds.org/category/academic-institution | Given that the REFEDS website now does https by default, should this be https://refeds.org/category/academic-institution Comment from Peter Schober: For consistency with existing/published categories I'd stay with http. | Guy Halse (SAFIRE) | https://github.com/leifj/academia-category/issues/27 as MFA is https, no harm in changing. added to github. |
| 3 | 5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute. | How should the Identity Provider’s registrar perform this mandatory check? Would a statement by the IdP administrator be sufficient ? | Thomas Lenggenhager (SWITCH) | https://github.com/leifj/academia-category/issues/26 See solution for point 1. Pull request submitted. |
| 4 | 3. The following URI is used as the attribute value for the Entity Category... | Under section 5 only requirements for Identity Providers are defined but normally an IdP uses Entity Support Category not Entity Category. Is this per design or only a mistake? Comment from Rhys Smith: "normally an IdP uses Entity Support Category not Entity Category" - is correct, but only by coincidence. An entity that has a specific categorisation has an entity category. It just so happens that so far, all categorisations have been for SPs, and so the IdPs have the ESC. This is a categorisation about an IdP, so it's right the IdP has an EC. If there was a corresponding ESC, it would be assigned to the SP that supports that IdP EC. Propose dropping ECS text. Comment from Peter Schober: https://refeds.org/category/hide-from-discovery is an(other) existing Entity Category for IDPs. | Pål Axelsson (SWAMID) | https://github.com/leifj/academia-category/issues/28 Remove reference to Entity Category Support. Pull request submitted. |
| 5 | 5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute. | I would say that the behaviour of releasing euPersonScopedAffliliation to all SPs is not privacy by design as described in GDPR. It's a step away from data minimisation. euPersonScopedAffliliation is personal data even though it is not unique personal data. | Pål Axelsson (SWAMID) | See TL comment. See solution for point 1. Pull request submitted. |
| 6 | Add to section 5 | 5.4. additional recommendations 5.4.1 It is RECOMMENDED that IdP releases a unique, persistent and not targeted ID to Service Providers that support and display in their metadata the Research and Scholarship Entity Category [R&S] ... 6. References add: [R&S] REFEDS Research and Scholarship Entity Category v1.3 Sept. 2016 see https://refeds.org/category/research-and-scholarship | Peter Geitz (DAASI) | https://github.com/leifj/academia-category/issues/29 Agreed that cross-referencing specs is not a good idea. Principle met to some extent in solution for point 1. |
| 7 | Section 2 | is point 3 - "the institution is a research hospital, library or archive." meant to mean "research hospital, research library, or research archive", or what it says on the tin? | Rhys Smith (Jisc) | https://github.com/leifj/academia-category/issues/30 Clarification accepted - add pull request on issue. Pull request submitted. |
| 8 | 5.3.3 | how does a registrar check if an IdP releases ePSA? | Rhys Smith (Jisc) | See TL comment See solution for point 1. Pull request submitted. |
| 9 | section 5. "Failure to do so MUST result in revocation of the entity’s membership in the category." Who makes the decision to revoke? | "Failure to do so MUST result in the registrar revoking | Mikael Linden (CSC) | Clarification accepted. Added to refeds fork. |
| 10 | Regarding #1, #3 & #8 on 5.3.3 | How about adding "5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute, on request." So that the request can include metadata and inline attribute requests. | Brook Schofield | See comments above. Clarification accepted, moved forward with point 1. Pull request submitted. |
| 11 | Academic vs Academia |
| Brook Schofield | https://github.com/leifj/academia-category/issues/32 Clarification accepted. Added to github. |
| 12 | Attribute Authorities | The document only talks about Identity Providers. I guess we should also be concerned about Attribute Authorities (whether "co-located" with an IDP or stand-alone) asserting those same attributes? | Peter S. | Noted but seen as non-solvable with current status. |
| 13 | Add Link | Maybe add URL/link to eduPerson 201602 reference, http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html | https://github.com/leifj/academia-category/issues/34 Clarification accepted. Added to github. | |
| 14 | Reference | The reference [AcademicInstitutionWikipedia] is unused | Review and accept. Added to github. | |
| 15 | Section 4: Specifically a relying party SHOULD NOT assume that an attribute assertion received from an Identity Provider | "than an | https://github.com/leifj/academia-category/issues/33 Review and accept Added to github. |
Other Comments / Observations
Editorial/minor comments:
- Maybe add URL/link to BCP 14 reference, https://www.rfc-editor.org/info/bcp14
- Maybe add URL/link to eduPerson 201602 reference, http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html
- The reference [AcademicInstitutionWikipedia] is unused
- At the end of section 5 there's an instance of "Academia Identity Providers" left.
- "than an
attributeassertion received" – i.e., remove "attribute ", "assertion" alone suffices.