Federation operators who have implemented the Research & Scholarship Category are encouraged to contribute their ideas, experiences, and insight.

Contents

How to Implement the Research & Scholarship Category

Implement an R&S process for SPs:

  1. Develop an R&S application process for SP owners that ensures SPs meeting the registration criteria for R&S (section 4).
  2. Develop an administrative process that determines whether a given SP satisfies the requirements of the REFEDS R&S Entity Category specification.  The seven step programme may be helpful.
  3. Develop a technical process that can add/remove the REFEDS R&S entity attribute to/from SP metadata.
  4. Consider a lightweight audit process for SPs that are tagged with R&S.

Implement an R&S process for IdPs:

  1. Develop documentation that shows how to configure relevant IdP software to release the R&S attribute bundle
  2. Develop an R&S declaration process for IdP operators
  3. Develop a technical process that can add/remove the REFEDS R&S entity attribute to/from IdP metadata

Since IdP operators essentially self-assert support for the R&S category, the IdP process can be completely automated.

Technical Details

<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the RandS entity attribute for SPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category">
    <!-- the REFEDS RandS entity attribute value -->
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>



<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- the RandS entity attribute for IdPs -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the REFEDS RandS entity attribute value -->
    <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>



<afp:AttributeFilterPolicy id="releaseToRandSSPs">

  <afp:PolicyRequirementRule xsi:type="saml:EntityAttributeExactMatch"
      attributeName="http://macedir.org/entity-category"
      attributeValue="http://refeds.org/category/research-and-scholarship"/>

  <!-- attribute rules here -->

</afp:AttributeFilterPolicy>

For brevity, the <afp:AttributeRule> elements have been omitted from the previous configuration element. For details, visit the R&S IdP Config wiki topic.

Resources

  1. REFEDS Research & Scholarship Entity Category specification http://refeds.org/category/research-and-scholarship
  2. Shibboleth IdP V3
    1. EntityAttributeExactMatch Configuration https://wiki.shibboleth.net/confluence/x/OAEnAQ
    2. RegistrationAuthority Configuration https://wiki.shibboleth.net/confluence/x/TAEnAQ
  3. Shibboleth IdP V2
    1. AttributeRequesterEntityAttributeExactMatch Configuration https://wiki.shibboleth.net/confluence/x/vYBX
  4. Shibboleth IdP V2 mdrpi-match-idp-ext https://github.com/ukf/mdrpi-match-idp-ext