Hi Peter,

The intent here is worldwide agreement within FIM4L actually what is the best fit for LexisNexis Advance
and all similar SPs out there. IMHO your suggestion is:
- eduPersonScopedAffiliation (required)
- eduPersonTargetedID (required) 
- Sirtfy support
And rather SAML pairwise-id than eduPersonTargetedID as described in FIM4L recommendations and
REFEDS Pseudonymous Authorisation entity category specification.

I am wondering whether there is an opportunity of employing a Consent-informed Attribute Release system (CAR) [1]
for releasing name and e-mail address with user consent. I can see that French colleagues at least may be interested
in that. 

Best 

              Jiri


1. https://spaces.at.internet2.edu/display/CAR/CAR%3A+Consent-informed+Attribute+Release+system#:~:text=initially%20designed%20to%20be%20a,Consent%2Dinformed%20Attribute%20Release.%22



On Thu, Mar 11, 2021 at 12:03 PM Peter Schober <peter.schober@univie.ac.at> wrote:
* Jiri Pavlik <jiri.pavlik@techlib.cz> [2021-03-11 09:05]:
> I am wondering whether everyone could be fine with following set of
> attributes along with CoCo and Sirtfy entity categories support:
> eduPersonScopedAffiliation (required)
> eduPersonTargetedID (optional)
> givenName  (optional)
> sn   (optional)
> mail  (optional)

Ignoring the fact that ultimately existing bilateral (or consortial)
contracts (here with LN) will always trump what GÉANT CoCo says, note
that CoCo v1 (the only released version that currently exists)
explicitly only covers strictly *required* (isRequired="true" in SAML
Metadata) attributes. It cannot be used for optional data.
  People should also be aware that there is no clear indication that
LexisNexis even intended to adhere to the GÉANT CoCo specification:
All that I've seen so far is RENATER's claim that the LN SP is covered
by CoCo. But CoCo also requires that the Privacy Policy for a SAML SP
adhering to CoCo contains a reference to the GÉANT CoCo and this is
NOT the case with LexisNexis here (not even in the URL referenced in
the RENATER metadata).
  So the CoCo-support of the LexisNexis SP is (1) highly questionable,
IMO, and (2) very likely meaningless in light of actual contracts
governing use of / access to the service.

As to the actual question above: If the service continues to work fine
with only the commonly released minimal set of data (common-lib-terms
or eduPersonScopedAffiliation for authorisation; SAML persistent
NameID or eduPersonTargetedID or SAML pairwise-id for personalisation
functionality) I see no reason to change anything in order to encourge
institutions to send *more* personal data to the publisher.
(And even if we did, what makes LN so special here? Wouldn't we also
have to have this discussion then for every other of the hundreds of
SPs we have for "institutionally licensed e-resource access"?)

Best regards,
-peter
_______________________________________________
FIM4L mailing list
FIM4L@lists.daasi.de
http://lists.daasi.de/listinfo/fim4l