For Service Providers (SPs) in identity federations such as the Canadian Access Federation (CAF) to recognize the users of their services, they require a common set of user attributes from Identity Providers (IdPs). All federation SPs are already bound by a set of practices governing how they manage and use personal attributes.
Entity Categories support IdP policy decisions to release a controlled set of low-risk attributes to every SP in a category, based on the criteria set out in that Entity Category's specification. This simplifies the management of IdPs' Attribute Release Policies and removes the need to review each SP individually as it is added to the category in the future. Entity Categories make it possible to scale to thousands of campus IdPs and SPs, greatly improving collaboration for researchers and students.
What are Entity Categories?
IdPs and SPs are generally referred to as ‘entities’ within the CAF Federated Identity Management (FIM) solution. Groups of entities with identical system behaviours, information requirements, and security or privacy interests may be identified by an Entity Category. Entity Categories allow IdPs and SPs to signal their supported categories to each other, and to recognize entities belonging to the same categories.
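As an added illustration (not code from CAF, GÉANT or REFEDS), the following Python sketch shows how an IdP could read the Entity Categories an SP carries in federation metadata and derive the attributes to release. The entity-category attribute name and the REFEDS Research and Scholarship category URI are the standard identifiers; the release bundle, the SP entityID and the metadata fragment are constructed for the example.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "urn:oasis:names:tc:SAML:attribute:entity-category"

# Constructed policy table (illustrative, not any federation's actual policy):
# category URI -> attribute bundle the IdP agrees to release to its members.
RELEASE_POLICY = {"http://refeds.org/category/research-and-scholarship":
                  frozenset({"eduPersonPrincipalName", "mail", "displayName"})}

def entity_categories(entity_xml):
    """Entity-category URIs asserted for one EntityDescriptor; the XML must come
    from the federation's verified, signed metadata aggregate, not from the SP
    itself (signature verification is out of scope here)."""
    root = ET.fromstring(entity_xml)
    found = set()
    path = "md:Extensions/mdattr:EntityAttributes/saml:Attribute"
    for attr in root.findall(path, NS):
        if attr.get("Name") != ENTITY_CATEGORY:
            continue  # other entity attributes (e.g. assurance) are ignored here
        for value in attr.findall("saml:AttributeValue", NS):
            if value.text and value.text.strip():
                found.add(value.text.strip())
    return found

def attributes_to_release(entity_xml, policy=RELEASE_POLICY):
    """Union of bundles for recognised categories; unknown categories get nothing."""
    released = set()
    for category in entity_categories(entity_xml):
        released |= policy.get(category, frozenset())
    return released

# Constructed SP metadata fragment (entityID is a placeholder).
SAMPLE_SP = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  entityID="https://sp.example.org/shibboleth">
 <md:Extensions><mdattr:EntityAttributes>
  <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:entity-category"
   NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
   <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
  </saml:Attribute>
 </mdattr:EntityAttributes></md:Extensions>
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</md:EntityDescriptor>"""

if __name__ == "__main__":
    print(sorted(attributes_to_release(SAMPLE_SP)))
```

An SP in a category the IdP has not adopted, or with no category at all, receives nothing from this path: the policy is default deny, and any wider release still requires a per-SP decision.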
Benefits of Entity Categories
By supporting Entity Categories, IdPs and SPs can reduce and simplify the configuration required for new entities and gain a higher level of interoperability. Federation operators, including CAF, can in turn increase adoption of federated services, improving the experience of all users.
The pan-European Research and Education Network, GÉANT, has defined the global standards for Entity Categories through its Research and Education Federations (REFEDS) group. CAF publishes the list of Entity Categories supported by each participant for reference during the planning of service integration work.