In Focus Trust and identity

REFEDS Community Announces Publication of New Entity Categories

The REFEDS Community is happy to announce the publication of the Anonymous Authorization and Pseudonymous Authorization Entity Categories.  The Categories were developed under the auspices of SeamlessAccess who approached REFEDS to host and publish the categories.

Entity Categories are tools used by SAML entities to help flag or demonstrate their compliance to a particular type of behaviour – such as the REFEDS Research and Scholarship Entity Category, which allows Service Providers to demonstrate that they have a legitimate need for a very small set of personal data in order to support user’s access to educational and research services.

SeamlessAccess identified a need for a way to flag that providers very strictly did not want to receive personal information and to decrease the complexity for both Identity and Service Providers by having consistent and clear guidelines regarding attribute release. Regulations such as the GDPR make it clear that personal data should not be sent to services unless they can demonstrate a need for processing the information, yet providers were seeing personal information being sent as a default by organisations running SAML Identity Providers.

The Anonymous and Pseudonymous Authorization Entity Categories will make it easy for Service Providers to indicate that they do not want more information than the affiliation of a user (anonymous) or affiliation and a uni-directional identifier (pseudonymous).  It is also possible to pass non-personal entitlements that groups of users might have – like the ability to access e-journal subscriptions (common-lib-terms).  The categories also give Identity Providers an easy path to configure release of information to such providers, ensuring that unnecessary personal data is not distributed.

Jason Griffey (NISO) commented that:

“This work not only feeds other aspects of the SeamlessAccess Project such as our work on Contract Language for library use, but also provides a model for other Entity Category workflows for use in Federated Authentication moving forward. This is a good example of technical standards providing needed abilities to systems, and we look forward to seeing how these are used.”

The specifications are now published on the REFEDS website and are ready for use by Federations, Identity Providers and Service Providers.  For more information please reach out to REFEDS or your local federation operator.

About REFEDS: REFEDS (Research and Education Federations) is an international community addressing the need of existing and emerging identity federations in the education and research sector worldwide to collaborate on policy issues.

About SeamlessAccess: SeamlessAccess.org is a service designed to help streamline the online access experience for researchers using scholarly collaboration tools, information resources, and shared research infrastructure. This service is governed as a coalition between four organizations: GÉANT, Internet2, the National Information Standards Organization (NISO), and the International Association of STM Publishers. Participants include researchers, service providers, libraries, identity providers, and federation operators.

Tags