Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement.
Attribute Release Profiles
Through a community consensus process, the following attribute release profiles have been approved:
Default
The Default release profile used when no other attribute release policy is defined:
Research & Scholarship
The Research & Scholarship release profile used when a service provider is tagged with the research and scholarship entity category (https://refeds.org/category/research-and-scholarship), but no service-specific attribute release policy is specified:
- displayName
- eduPersonAffiliation
- eduPersonPrincipalName
- eduPersonScopedAffiliation
- eduPersonTargetedID
- givenName
- schacHomeOrganizationType
- sn
Negotiated
Individual service providers can negotiate a customised attribute release policy on a per-entity basis, based on the principle of minimality — requested attributes must be adequate, relevant, and not excessive.
A list of all supported attributes is available.
Inter-federation
The release profiles above apply irrespective of whether we learn about a service provider via inter-federation (e.g. eduGAIN) or whether they are direct participants. This means that, for example, service providers tagged as meeting the Research & Scholarship requirements by another federation will automatically have our Research & Scholarship release profile applied.
However, in practice, how we apply the Negotiated release profile differs depending on whether we’ve learnt about a service provider via inter-federation or whether they’re a direct participant.
For service providers learnt via inter-federation we are generally willing to negotiate attribute release of any attributes listed in the Research & Scholarship profile provided that at least one participating identity provider has expressed interest in using the service. Service providers who require more attributes than the R&S profile supports may be requested to join the Federation as a direct participant, particularly where those attributes constitute personal information.