Migrating an SP to the Global Research and Scholarship Category
This topic is for owners of existing Research & Scholarship (R&S) SPs.
Existing R&S IdPs in the InCommon Federation are currently in the process of migrating to global R&S. New R&S IdPs will be encouraged to support global R&S as well. More importantly, InCommon will soon begin importing the metadata of R&S IdPs from other federations. In anticipation of these events, existing R&S SP owners should begin to develop a migration strategy to global R&S.
All R&S SPs in the InCommon Federation now meet the requirements of the international REFEDS Research & Scholarship Entity Category specification and therefore all R&S SPs have a multivalued R&S entity attribute in InCommon metadata. In that sense, all R&S SPs have successfully migrated to global R&S. However, if an R&S SP depends on the R&S entity attribute in IdP metadata, then additional migration steps are required since the entity attributes in IdP metadata will change as IdPs declare their support for global R&S.
For example, a small number of R&S SPs are known to filter IdP metadata such that R&S IdPs are the only IdPs exposed on the SP's discovery interface. Such an SP is dependent upon the R&S entity attribute in IdP metadata.
An SP deployment that depends on the R&S entity attribute in IdP metadata almost certainly recognizes the legacy incommon.org R&S entity attribute value:
http://id.incommon.org/category/research-and-scholarship
Such an SP may also want to recognize the refeds.org R&S entity attribute value
http://refeds.org/category/research-and-scholarship
since IdPs that support global R&S will necessarily carry the latter in their metadata. Indeed, R&S IdPs from other federations will carry the refeds.org R&S tag exclusively.
An R&S IdP carries a single-valued entity attribute in its metadata
For example, a Shibboleth SP that restricts its discovery interface to R&S IdPs might configure the following:
<!-- The following MetadataProvider attempts to refresh the InCommon production metadata aggregate every hour. --> <MetadataProvider type="XML" url="http://md.incommon.org/InCommon/InCommon-metadata.xml" backingFilePath="InCommon-metadata.xml" maxRefreshDelay="3600" legacyOrgNames="true"> <!-- Verify the signature on the metadata file --> <MetadataFilter type="Signature" certificate="inc-md-cert.pem"/> <!-- Require a validUntil XML attribute on the EntitiesDescriptor element and make sure its value is no more than 14 days into the future --> <MetadataFilter type="RequireValidUntil" maxValidityInterval="1209600"/> <!-- As the refeds.org R&S tag becomes more prevalent, the order of the attributes should be reversed for efficiency. --> <MetadataFilter type="Whitelist" matcher="EntityAttributes"> <saml:Attribute Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>http://id.incommon.org/category/research-and-scholarship</saml:AttributeValue> </saml:Attribute> <saml:Attribute Name="http://macedir.org/entity-category-support" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"> <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue> </saml:Attribute> </MetadataFilter> </MetadataProvider>