Following extensive consultation and review, the REFEDS Steering Committee has ratified version 1.3 of the REFEDS Research and Scholarship Entity Category and the specification was published on the REFEDS website on 8th September 2016.
The Research and Scholarship Entity Category (R&S) is at the forefront of efforts by the REFEDS community to better support the secure flow of attributes between Identity Providers and Service Providers. The first REFEDS R&S was published on 28th April 2014. Since this time, we have seen the category adopted by 16 federations and in use by 129 Identity Providers and 115 Service Providers.
R&S was one of the first implementations by REFEDS of the SAML Entity Category Types approach and addressed a complex area of requirements. As deployments have increased, issues with the text for R&S were identified. The review process set out to identify areas where clarifications could be added to the text and description without changing the essential meaning of R&S or the requirements that it places on Federation Operators, Identity Providers or Service Providers.
The new text provides the following clarifications:
- Clarification of the use of RequestedAttributes with R&S.
- A detailed explanation of the R&S attribute bundle and how to implement.
- Provides clarity on support multiple different identifiers and name attributes.
- Specific and detailed sections for implementation by both Service Providers and Identity Providers.
As part of the review process, the FAQ for Research and Scholarship has also been updated.
The REFEDS community supported the change proposals as clarifications to the specification. Federation Operators are encouraged to share this announcement with their members and ask them to review the clarifications to make sure their understanding of R&S is correct and interpreted correctly into implementations.
As the identity federation community evolves and grows, so does our ability to support the complex requirements of attribute release. The next steps for the REFEDS community in this space is to start planning a version 2.0 of R&S that will introduce different approaches to release requirements inline with the maturing needs of our users.