leifj / academia-category Goto Github PK

any organization explicitly denoted as an academic institution by a government entity in the jurisdiction where the claim of being an academic institution is made.

Add "government entity or recognised accrediting body".

The overview section says this category is intended to:

"...annotate those member identity providers that represent academic institutions, in order to distinguish them from identity providers that are not able to claim any affiliation with the international research and education community."

However, the definition section sets the bar for degree-granting institutions at ISCED level 6. There are a number of level 5 degree-granting institutions in the US ("community colleges") that have faculty that contribute to national and international research projects, and may be funded by agencies such as the NSF. I'm concerned that the cut-off at level 6 may cause IdPs with participants in international research to be hidden from discovery.

is point 3 - "the institution is a research hospital, library or archive." meant to mean "research hospital, research library, or research archive", or what it says on the tin? Rhys Smith.

"Research and Education Federations are encouraged to use the REFEDS Academia Entity Category to annotate those member identity providers that represent academic institutions."

Scope the category not to be "are you academic?", but "should you be trusted to assert academically-oriented data about users"?

Maybe add URL/link to eduPerson 201602 reference, http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html

Section 4: Specifically a relying party SHOULD NOT assume that an attribute assertion received from an Identity Provider.

"than an assertion received" – i.e., remove "attribute ", "assertion" alone suffices.

In section 2, item 5, the phrase "government entity" is duplicated. See #25

Specifically a relying party SHOULD NOT assume that an attribute assertion received from an identity provider with the academia entity category represents a Subject (as defined in [SAMLCore]) with any particular affiliation to the organization on behalf of which the identity provider is operated. Conversely, the absense of the academia category does not mean that the identity provider does not in fact represent one or more academic institution. Submitted by Eric Goodman to the REFEDS consultation

Change text as shown:

An identity provider MUST NOT be annotated with the academia entity category unless it is being operated

by or

on behalf of and by contract with at least one organisation represented by a legal entity in good standing in the community of other academic institutions **THAT** fulfills at least one of the criteria below:

Research Hospitals are organizations present at least in Italy and France. I propose to list them under the current academic organizations. Though, I don't know if it is better to have a "teaching or research hospital" item, or just add them as a new item.

They differ from teaching hospitals in that they do not offer courses on their own, nor they can award academic degrees, though they provide laboratories and internships for researchers, and they can host courses with special agreements with Universities (but that it is not always the case).

A broad definition that cover both the Italian and the French case is:
Health and research centers where doctors and researchers conduct highly specialized health related researches and patients can get special treatments.

Currently the term "researchHospital" is employed for schacHomeOrganizationType in both the Italian and the French Identity Federations:
urn:schac:homeOrganizationType:int:researchHospital

Davide Vaghetti (Consortium GARR)

section 5. "Failure to do so MUST result in revocation of the entity’s membership in the category." Who makes the decision to revoke? "Failure to do so MUST result in the registrar revoking revocation of the entity’s membership in the category."

Should this imply to release this attribute always to all SPs, including to publishers that are happy with only 'common-lib-terms'? Why should just the IdPs need to do something and not the SPs?
SPs that want to get the scopedAffiliation should either require this attribute in metadata or include a new (to-be-defined in this spec) EC value in metadata. How should the Identity Provider’s registrar perform this mandatory check? Would a statement by the IdP administrator be sufficient ?

From Thomas Leggenhager

How about adding "5.3.3 The Identity Provider releases the eduPersonScopedAffiliation attribute, on request." So that the request can include metadata and inline attribute requests.

From Brook Schofield

Better use this one, it is more specific as the current ISCED link that redirects:
http://uis.unesco.org/en/topic/international-standard-classification-education-isced

I know of one, maybe two use cases where the definition in 2, section 2 permits IdPs that allow accounts to be created arbitrarily, much like a guest IdP, to be tagged with this category when I think it should not be.

To permit the tag to be issued, I propose that an IdP MUST pass muster on the follow questions:

• is this IdP able to assert identity of equal calibre as the other IdPs in the federation?
• are the policies that such an IdP of sufficiently equal to support the assessment of the aforementioned question? (e.g. does said IdP do sufficient identity proofing?)

Institutions are the underwriters of the identities that they mint. At the end of the day they are ultimately accountable to the behaviour and discipline(if required) on the account. If there is something OTHER than an institution minting identities, how can they be assigned the academia category if they do not have the same strength and relationship to the accountability of the accounts they mint?

I would recommend some additional criteria to back the academia category to reflect this.

Under section 5 only requirements for Identity Providers are defined but normally an IdP uses Entity Support Category not Entity Category. Is this per design or only a mistake? Pal Axelsson.

Comment from Rhys Smith: "normally an IdP uses Entity Support Category not Entity Category" - is correct, but only by coincidence. An entity that has a specific categorisation has an entity category. It just so happens that so far, all categorisations have been for SPs, and so the IdPs have the ESC. This is a categorisation about an IdP, so it's right the IdP has an EC. If there was a corresponding ESC, it would be assigned to the SP that supports that IdP EC. Propose dropping ECS text.

Comment from Peter Schober: https://refeds.org/category/hide-from-discovery is an(other) existing Entity Category for IDPs.

5.4. additional recommendations

5.4.1 It is RECOMMENDED that IdP releases a unique, persistent and not targeted ID to Service Providers that support and display in their metadata the Research and Scholarship Entity Category [R&S]

...

6. References

add:
[R&S] REFEDS Research and Scholarship Entity Category v1.3 Sept. 2016 see https://refeds.org/category/research-and-scholarship.

Peter Geitz.

Include a registration criteria section akin to the R&S section.

Given that the REFEDS website now does https by default, should this be https://refeds.org/category/academic-institution. Guy Halse.

Comment from Peter Schober: For consistency with existing/published categories I'd stay with http..

can we use a dash rather than an underscore in the URI to be consistent with R&S and hide-from-discovery please?

Is 'teaching hospital' well enough defied?

Wikipedia says: 'A teaching hospital is a hospital or medical center that provides clinical education and training to future and current health professionals'

Do we need to restrict that to health professionals who aim for a degree at level 6 (or higher) according to ISCED 2011 in analogy to 1)?
Or do we also want to include hospitals that 'only' train health professionals who aim for a degree at level 3 or 4?

Academia Identity Providers MUST resolve issues of non-compliance within a reasonable period of time from when they become aware of the issue. Failure to do so MUST result in revocation of the entity’s membership in the category.