SAFIRE’s Metadata Registration Practice Statement, and the corresponding SAML2 Identity Provider Requirements have been updated to allow for regular expressions in scopes.
This change, which was taken to the SAFIRE Participants Forum last year, has been made to facilitate the increasing use of sub-scopes to provide more granular access control for services such as FigShare. We’re fully aware of the caveats involved in using regular expression scopes, and intend being very conservative about how we approach this. The specific wording in the MRPS is derived from a revision to the REFEDS Metadata Registration Practice Statement template that was widely discussed among the federation operator community.
The addition of support for regular expressions is backwards compatible with the previous version of the MRPS. For this reason, the
<mdrpi:RegistrationPolicy> element of all entities with existing metadata in SAFIRE’s registry may be bumped to signify compliance with the new MRPS.