Versions Compared

Old Version 5

changes.mady.by.user Niels van Dijk

Saved on

compared with

New Version 6

changes.mady.by.user Niels van Dijk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

REFEDs identify 4 types of specifications:

  • Entity Category
  • Entity Attribute
  • Profile
  • Metadata Extension
  • Framework

...

  • , defined in RFC8409, are metadata 'labels' applied to either identity providers or services which may be used under certain conditions, as described in the Entity Category specification, to indicate a grouping of entities. Entity Categories may be used to signal commonly used attribute requirements, or commitment to a certain set of behavioural rules.
  • Entity Attribute are metadata labels applied to either identity providers or services to signal assurance certifications.
  • Profiles, which define a standard to signal certain behaviour in a federated authentication transaction, and how to respond to such a request.
  • Metadata Extension, provide an extention to existing metadata profiles.
  • Frameworks, are currenlty basically assurance frameworks, which provide a structured means of describing or defining the main sources of assurance provided within the federation by the member entities of the federation itself.






  • An entity category may be used to expres a certain behaviour from the entity, or compliance to certain commonly understood policy. For example in R&S: "Service Providers that are operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part". Such Entity Categories may be very usefull as these can be used to inform issuers and user about the verifiers intentions. If an entity category is asserted by the

...

specification nametypeApplies
to		Asserted
by		Attribute
profile		Entity behavioural rulesAttribute requirementsProtocol
Specific requirements
Research and Scholarship (R&S) v1.3Entity CategorySPRegistrar(tick)
  • operated for the purpose of supporting research and scholarship interaction, collaboration or management, at least in part
  • not be used for access to licensed content 
  • will not use attributes for purposes that fall outside of the service definition
  • shared user identifier
  • person name
  • email address
  • affiliation (optional)
  • Section 4.3.1
  • Section 4.3.3
  • Section 5 (moving mention of <md:RequestedAttribute> mechanism to SAML 2.0 specificpart of section 5 would already suffice)
  • Section 6 (SAML specific example and identifier handling)
  • Section 7 (SAML example)
Research and Scholarship (R&S) v1.3Entity CategoryIdPIdP(tick)
  • will release attribute bundle attributes to R&S Service Providers for a significant subset of user polulation
  • persistent, non-reassigned, non-targeted identifier
  • shared user identifier
  • person name
  • email address
  • affiliation (optional)
^^^
Hide From Discovery v.1Entity CategoryIdPIdP


  • Use of SAML specific terms like IdP and SP
  • Section 5: SAML specific example
Anonymous Access v.2Entity CategorySPRegistrar(tick)
  • proof of successful authentication [ only ]
  • signaling that they do not wish to receive personalized data
  • organization
  • affiliation (optional if no affiliation exists)
  • Section 4, RC3
  • Section 5 (extention already possible)
  • Section 7
  • Section 8
Anonymous Access v.2Entity CategoryIdPIdP(tick)
  • release all required attributes in the bundle for a significant subset of user polulation
  • organization
  • affiliation (optional if no affiliation exists)
^^^
Pseudonymous Access v.2Entity CategorySPRegistrar(tick)

  • Section 4, RC3
  • Section 5 (extention already possible)
  • Section 7
  • Section 8
Pseudonymous Access v.2Entity CategoryIdPIdP(tick)
  • release all required attributes in the bundle for a significant subset of user polulation


Personalized Access v.2Entity CategorySPRegistrar(tick)


Code of Conduct v.2Entity Category and Best Practice





Sirtfi v1 & v2Entity AttributeSPSP



...