Versions Compared

Old Version 57

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 58

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

All R&S SPs satisfy the requirements of the REFEDS R&S Entity Category and therefore every R&S SP carries the refeds.org R&S entity attribute value in its metadata. For backwards compatibility, an R&S SP also carries the legacy incommon.org R&S entity attribute value as well and therefore every R&S SP has the following multivalued entity attribute in metadata (whitespace added for readability):

...

Warning
titleAn IdP configuration SHOULD NOT rely on the incommon.org R&S tag in SP metadata
Use of the legacy incommon.org R&S tag to configure attribute release policy at the IdP is deprecated. Eventually this tag will be removed from all SP metadata although a timeline for doing so has not yet been determined.

Recommended configuration options for R&S IdPs are documented elsewhere in this wiki.

...

R&S Entity Attributes for IdPs

IdPs

...

in the InCommon Federation support the Research & Scholarship category in one of two ways:

  1. Release the R&S attribute bundle to all R&S SPs, including R&S SPs in other federations
  2. Release the R&S attribute bundle to R&S SPs registered by InCommon only

These mutually exclusive support categories are indicated in IdP metadata by one of the following entity attributes (resp.).

An IdP that releases attributes to all R&S SPs, including R&S SPs in other federations, . Such an IdP has the following entity attribute in metadata metadata (whitespace added for readability):

Code Block
titleAn entity attribute for IdPs that support all R&S SPs registered by InCommon onlyglobally
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&amp;S SPs registeredglobally by InCommon -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the incommonrefeds.org R&amp;S entity attribute value -->
    <saml:AttributeValue>
      http://id.incommonrefeds.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

An IdP that releases attributes to all R&S SPs , including R&S SPs in other federations, registered by InCommon only has the following entity attribute in metadata metadata (whitespace added for readability):

Code Block
titleAn entity attribute for IdPs that support all R&S SPs globallyregistered by InCommon only
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute">
  <!-- entity attribute for IdPs that support R&amp;S SPs registered globallyby InCommon -->
  <saml:Attribute
      xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
      NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
      Name="http://macedir.org/entity-category-support">
    <!-- the refedsincommon.org R&amp;S entity attribute value -->
    <saml:AttributeValue>
      http://refedsid.incommon.org/category/research-and-scholarship
    </saml:AttributeValue>
  </saml:Attribute>
</mdattr:EntityAttributes>

...

Warning
titleThe R&S entity attribute in IdP metadata is single-valued
An SP that depends on the R&S entity attribute in IdP metadata must take into account the fact that an R&S IdP will carry either the incommon.org R&S tag or the refeds.org R&S tag but not both.

...