Attribute Release Policy v20170811

Changes to the Attribute Release Policy are approved by the SAFIRE Steering Committee. This version reached rough consensus on 11 August 2017 and still needs to be ratified. As a revision to the previous version, it allows affiliation attributes to be released in the default ARP.

Management of attribute release to Service Providers has been delegated to the Federation Operator in terms of the Participation Agreement.

Attribute Release Profiles

Through a community consensus process, the following attribute release profiles have been approved:

Default

The Default release profile used when no other attribute release policy is defined:

Research & Scholarship

The Research & Scholarship release profile used when a service provider is tagged with the research and scholarship entity category (https://refeds.org/category/research-and-scholarship), but no service-specific attribute release policy is specified:

Negotiated

Individual service providers can negotiate a customised attribute release policy on a per-entity basis, based on the principle of minimality — requested attributes must be adequate, relevant, and not excessive.

A list of all supported attributes is available.

Inter-federation

The release profiles above apply irrespective of whether we learn about a service provider via inter-federation (e.g. eduGAIN) or whether they are direct participants. This means that, for example, service providers tagged as meeting the Research & Scholarship requirements by another federation will automatically have our Research & Scholarship release profile applied.

However, in practice, how we apply the Negotiated release profile differs depending on whether we’ve learnt about a service provider via inter-federation or whether they’re a direct participant.

For service providers learnt via inter-federation we are generally willing to negotiate attribute release of any attributes listed in the Research & Scholarship profile provided that at least one participating identity provider has expressed interest in using the service. Service providers who require more attributes than the R&S profile supports may be requested to join the Federation as a direct participant, particularly where those attributes constitute personal information.

South African Identity Federation