In order to encourage the clear and consistent operation of federated authentication between Service Providers (such as scholarly publishers), Identity Providers (such as campus IT administrators), and other stakeholder groups (such as librarians), the SeamlessAccess Entity Categories and Attribute Bundles Working Group has proposed three specifications that aim to provide a common set of terms and definitions for use when describing exactly what information should be requested by the Service Provider as well as what should be released (if any) by the institution to enable access to online materials.
These specifications, called Entity Categories, are offered to allow administrators of identity management systems to have easy-to-use configuration guidance that supports appropriate information sharing between parties. These entity categories also offer business units within the institution the opportunity to consider these descriptions as input into their contractual language with Service Providers.
Because these entity categories impact the metadata managed by identity federations, SeamlessAccess has asked REFEDS, the Research and Education Federation community organization, to become the custodians for these entity categories. This includes running the consultation process and managing any subsequent changes to the specifications. NISO will be following this process as well, and will be co-signing these recommended practices as a part of their standards work and work as a member of the SeamlessAccess coalition. All stakeholders in the federated identity management ecosystem are encouraged to offer their comments during this consultation period.
The three entity categories are:
-
Authentication Only - this use case covers authentication only; the Service Provider does not want any attributes (specific pieces of data about an authenticated user) from the Identity Provider, only a confirmation that the authentication was successful.
-
Anonymous Authorization - this use case supports authorization decisions through the sharing of additional information such as entitlement data (e.g., faculty versus student), while keeping the user completely anonymous to Service Providers.
-
Pseudonymous Authorization - this use case supports authentication, authorization, and allows for personalization per Service Provider through the sharing of a per-service user identifier without requesting any personal information such as name or email address.
The public comment period starts on July 6, 2020, and will run for eight weeks until August 31, 2020. Information on how to participate in the consultation is here: https://wiki.refeds.org/display/CON/Consultations+Home. Each entity category has its own consultation page.
NISO will be hosting a webinar on Monday, August 10, 2020, at 10:00 a.m. EDT (14:00 UTC) geared towards librarians and publishers to discuss these entity categories; registration information is available here: http://www.niso.org/events/2020/08/seamless-access-presents-entity-categories-and-attribute-bundles.