Contributions are welcome!
Federation operators who have implemented the Research & Scholarship Category are encouraged to contribute their ideas, experiences, and insight.
Contents
How to Implement the Research & Scholarship Category
Implement an R&S process for SPs:
- Develop an R&S application process for SP owners
- Develop an administrative process that determines whether a given SP satisfies the requirements of the REFEDS R&S Entity Category specification. The seven step programme may be helpful.
- Develop a technical process that can add/remove the REFEDS R&S entity attribute to/from SP metadata
Implement an R&S process for IdPs:
- Develop documentation that shows how to configure relevant IdP software to release the R&S attribute bundle
- Develop an R&S declaration process for IdP operators
- Develop a technical process that can add/remove the REFEDS R&S entity attribute to/from IdP metadata
Process Automation
Since IdP operators essentially self-assert support for the R&S category, the IdP process can be completely automated.
Technical Details
The global R&S entity attribute for SPs
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- the R&S entity attribute for SPs --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> <!-- the REFEDS R&S entity attribute value --> <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
The global R&S entity attribute for IdPs
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- the R&S entity attribute for IdPs --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <!-- the REFEDS R&S entity attribute value --> <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
A Shib IdP V3 configuration that releases attributes to ALL R&S SPs
<afp:AttributeFilterPolicy id="releaseToGlobalRandSSPs"> <afp:PolicyRequirementRule xsi:type="saml:EntityAttributeExactMatch" attributeName="http://macedir.org/entity-category" attributeValue="http://refeds.org/category/research-and-scholarship"/> <!-- attribute rules here --> </afp:AttributeFilterPolicy>
For brevity, the <afp:AttributeRule>
elements have been omitted from the previous configuration element. For details, visit the R&S IdP Config wiki topic.
Resources
- REFEDS Research & Scholarship Entity Category specification http://refeds.org/category/research-and-scholarship
- Shibboleth IdP V3
- EntityAttributeExactMatch Configuration https://wiki.shibboleth.net/confluence/x/OAEnAQ
- RegistrationAuthority Configuration https://wiki.shibboleth.net/confluence/x/TAEnAQ
- Shibboleth IdP V2
- AttributeRequesterEntityAttributeExactMatch Configuration https://wiki.shibboleth.net/confluence/x/vYBX
- Shibboleth IdP V2 mdrpi-match-idp-ext https://github.com/ukf/mdrpi-match-idp-ext