Entity Metadata for the R&S Category
Research & Scholarship (R&S) SPs and IdPs are tagged in metadata with entity attributes. The entity attribute for R&S SPs simply means "I meet the requirements of the R&S category" (as outlined on the SP support page for R&S) while the entity attribute for R&S IdPs means "I support R&S" (as defined on the IdP support page for R&S).
All R&S entity attributes have one of two standard attribute names:
For R&S SPs: http://macedir.org/entity-category
For R&S IdPs: http://macedir.org/entity-category-support
The semantics of the above attribute names are specified by: The Entity Category SAML Entity Metadata Attribute Type (draft-macedir-entity-attribute-00.xml).
There are two possible R&S entity attribute values used in the InCommon Federation:
http://refeds.org/category/research-and-scholarship
http://id.incommon.org/category/research-and-scholarship
The semantics of each entity attribute are described in the following sections.
R&S Entity Attribute for SPs
All R&S SPs satisfy the requirements of the REFEDS R&S Entity Category and therefore every R&S SP carries the refeds.org R&S entity attribute value in its metadata. For backwards compatibility, an R&S SP also carries the legacy incommon.org R&S entity attribute value and therefore every R&S SP has the following multivalued entity attribute in metadata (whitespace and comments added for readability):
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- multivalued entity attribute for R&S SPs --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category"> <!-- the incommon.org R&S entity attribute value --> <saml:AttributeValue> http://id.incommon.org/category/research-and-scholarship </saml:AttributeValue> <!-- the refeds.org R&S entity attribute value --> <saml:AttributeValue> http://refeds.org/category/research-and-scholarship </saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
The legacy incommon.org R&S entity attribute value is included in SP metadata for backwards compatibility only.
Exporting the R&S entity attribute for SPs to eduGAIN
Note well that the legacy incommon.org R&S entity attribute value shown above is filtered from SP metadata exported to eduGAIN. Only the refeds.org R&S entity attribute value is exported to eduGAIN.
An IdP configuration SHOULD NOT rely on the incommon.org R&S entity attribute value in SP metadata
Recommended configuration options for R&S IdPs are documented elsewhere in this wiki.
An R&S SP that satisfies the requirements of the REFEDS R&S Category is shown in green on the Entity Categories info page.
Note: The InCommon Registrar is authoritative for the above entity attribute. There is nothing an SP owner needs to do to manage this entity attribute.
R&S Entity Attributes for IdPs
IdPs in the InCommon Federation support the Research & Scholarship category in one of two ways:
- Release the R&S attribute bundle to all R&S SPs, including R&S SPs in other federations
- Release the R&S attribute bundle to R&S SPs registered by InCommon only
These mutually exclusive support categories are indicated in IdP metadata by one of two entity attributes.
An IdP that releases attributes to all R&S SPs, including R&S SPs in other federations, has the following entity attribute in metadata (whitespace and comments added for readability):
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- entity attribute for IdPs that support R&S SPs globally --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <!-- the refeds.org R&S entity attribute value --> <saml:AttributeValue> http://refeds.org/category/research-and-scholarship </saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
An IdP that releases attributes to R&S SPs registered by InCommon only has the following entity attribute in metadata (whitespace and comments added for readability):
<mdattr:EntityAttributes xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"> <!-- entity attribute for IdPs that support R&S SPs registered by InCommon --> <saml:Attribute xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="http://macedir.org/entity-category-support"> <!-- the incommon.org R&S entity attribute value --> <saml:AttributeValue> http://id.incommon.org/category/research-and-scholarship </saml:AttributeValue> </saml:Attribute> </mdattr:EntityAttributes>
The incommon.org R&S entity attribute value in IdP metadata has no meaning outside the InCommon Federation.
Exporting the R&S entity attribute for IdPs to eduGAIN
Although the incommon.org R&S entity attribute value shown above is exported to eduGAIN, it has no recognized semantics outside the InCommon Federation. Only IdPs that release attributes to all R&S SPs globally are recognized as R&S IdPs by the international R&E community.
The fact that the R&S entity attribute in IdP metadata is single-valued has consequences for certain SPs.
The R&S entity attribute in IdP metadata is single-valued
In other words, if an SP deployment is configured to recognize the incommon.org R&S tag in IdP metadata, it should be configured to recognize the refeds.org R&S tag as well.
An R&S IdP that supports global R&S is shown in green on the Entity Categories info page.
Note: The IdP owner is authoritative for the above entity attributes. An IdP indicates its willingness and ability to support R&S by following the steps on the IdP support page for R&S.