"Research and Scholarship" Entity Category FAQ

Where is the official Research and Scholarship definition?

The formal, approved definition of the REFEDS Research and Scholarship (R&S) Entity Category is published on the REFEDS website. (Note that the URI value of the REFEDS entity attribute resolves to the R&S specification.)

What type of resources do you consider "research and scholarship"?

The category definition says that: 

Candidates for the Research and Scholarship (R&S) Category are Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part.

Example Service Providers may include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals.

Broadly this means that R&S is intended for platforms and services used by researchers where some sort of collaboration, discussion or interaction is required, making the release of personally identifiable information necessary for the service to work properly.  Think about issues like:

As a federation, you should be satisfied that the release of personal data is an essential part of the operation of the service (and not purely to activate added features) and that the service in question, whether commercial or not, exists to support research and scholarship as a primary function.  

Services that should not be included in this category include:

What attributes should be released as part of R&S?

The Research & Scholarship specification defines a bundles of attributes that Identity Providers are encouraged to release to R&S services:

Category support is defined as follows:

An Identity Provider supports the R&S Category if for some subset of the Identity Provider's user population, the Identity Provider releases a minimal subset of the R&S attribute bundle to R&S Service Providers without administrative involvement, either automatically or subject to user consent.

See section 6 of the R&S Entity Category specification for a precise definition of the minimal subset of the R&S attribute bundle.

Are Service Providers allowed to request other attributes?

Service Providers should only request attributes that the service actually uses, so for example if email address is not required by the service it should not be requested. The specification does not explicitly prevent Service Providers from requesting attributes outside the R&S attribute bundle but the expectation is that they should not. R&S works best for both Identity Providers and Service Providers when the bundle is treated as the maximal set of attributes requested. Service Providers requiring more unique / bespoke attribute bundles should talk to the REFEDS community.

What exactly is meant by a "production SAML deployment?"

The following REFEDS R&S requirement:

4.3.1 The Service Provider is a production SAML deployment that supports SAML V2.0 HTTP-POST binding.

may be interpreted as the following pair of requirements:

The latter includes dev and/or staging instances of the overall Service Provider deployment.