01
April
2024

InCommon Federation Community Consultation through April 30: Deployment Guidance for REFEDS Access Entity Categories 

Subscribe for more like this

Share

Estimated reading time: 3 minutes

By Albert Wu, InCommon Federation Manager

I am pleased to announce an InCommon Federation community consultation of the Deployment Guidance for REFEDS Access Entity Categories. This consultation is open through April 30, 2024 at 5 p.m. PDT. (You’ll need to sign into the Internet2 wiki to post your feedback, and we hope you will.)

Incommon federation logo

Facilitating Privacy-Preserving User Information Release in Federated Transactions

In 2023, REFEDS published the latest revisions of three attribute release entity categories designed to facilitate privacy-preserving, standard, and streamlined user information release in federated transactions. These are Anonymous Access, Pseudonymous Access, and Personalized Access categories. Together, we refer to them as the REFEDS Access Entity Categories.

The InCommon Federation (InCommon) encourages the widespread adoption of these categories when requesting and releasing user information in federated transactions. To that end, the InCommon Technical Advisory Committee’s SAM2Int/Entity Category Deployment Guidance Working Group has produced deployment guidance to aid the InCommon Federation community in adopting the REFEDS Access Entity Categories.

Two Recommendations for Using the REFEDS Access Entity Categories

The InCommon Federation (InCommon) endorses and strongly encourages the widespread adoption of these categories when requesting and releasing user information in federated transactions. Specifically, InCommono recommends two ways to use these categories: 

  1. Adopt the categories as intended – These entity categories are designed to facilitate streamlined access to resources by allowing an identity provider (IdP) to configure automatic attribute release to any qualifying service provider (SP) in the federation. We recommend all InCommon IdP’s to support these categories. We also recommend that whenever possible, all InCommon service providers declare their attribute requirements using one of these 3 categories. 
  1. Use these categories as default attribute bundles – Where automatic attribute release isn’t feasible, we recommend that IdPs use the attribute bundles defined in these categories as default attribute bundle templates in their IAM integration process. An SP in the federation should always support attributes defined in these bundles when integrating with InCommon identity providers.

Certainly, there’s more to discuss and explore beyond these high-level recommendations. We are aware that the InCommon community will likely need additional detailed guidance. A new TAC working group is forming to develop these additional materials. We welcome your input and participation then and now through this community consultation.

A Forum for Your Feedback

The deployment guidance contains proposed recommendations and clarifications aimed to widen these categories’ adoption across InCommon Federation. You’ll find the guidance here: Consultation for REFEDS Access Entity Categories Deployment Guidance

This consultation is open through April 30, 2024 at 5 p.m. PDT.  You’ll find the proposed materials, as well as a feedback log, at the link noted above. Please sign into the Internet2 wiki to post your feedback. We look forward to receiving it.

ICYMI