Attribute Release Policy v20170728

This revision does not substantively change the ARP, but introduces a section that clarifies its interpretation with respect to inter-federation.

Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement.

Attribute Release Profiles

Through a community consensus process, the following attribute release profiles have been approved:

Default

The Default release profile used when no other attribute release policy is defined:

Research & Scholarship

The Research & Scholarship release profile used when a service provider is tagged with the research and scholarship entity category (https://refeds.org/category/research-and-scholarship), but no service-specific attribute release policy is specified:

Negotiated

Individual service providers can negotiate a customised attribute release policy on a per-entity basis, based on the principle of minimality — requested attributes must be adequate, relevant, and not excessive.

A list of all supported attributes is available.

Inter-federation

The release profiles above apply irrespective of whether we learn about a service provider via inter-federation (e.g. eduGAIN) or whether they are direct participants. This means that, for example, service providers tagged as meeting the Research & Scholarship requirements by another federation will automatically have our Research & Scholarship release profile applied.

However, in practice, how we apply the Negotiated release profile differs depending on whether we’ve learnt about a service provider via inter-federation or whether they’re a direct participant.

For service providers learnt via inter-federation, we are generally willing to negotiate release of any attributes listed in the Research & Scholarship (R&S) profile, provided that at least one participating identity provider has expressed interest in using the service. Service providers who require more attributes than the R&S profile supports may be requested to join the Federation as a direct participant, particularly where those attributes constitute personal information.

South African Identity Federation