Entity Categories for Identity Providers

This is a set of entity-support-categories and entity-categories (http://macedir.org) for Identity Providers in use by SWAMID.

Entity Categories are registered in the Identity Provider metadata within the SWAMID metadata, not locally in the Identity Provider.

For a suggestion on how to consume and process 4.1 Entity Categories for Service Providers in an Identity Provider, see the page Example of a standard attribute filter for Shibboleth IdP.

All entity categories (as well as other information) on services in SWAMID can be found at 4.1 Entity Categories for Service Providers.

Entity Support Categories

An Identity Provider marked with an entity support category for an explicit entity category signals that the IdP follows the intended use of that entity category.

REFEDS Research and Scholarship Entity Category Support

entity-support-category URI: http://refeds.org/category/research-and-scholarship

eduGAIN enabled: Yes

Definition

The REFEDS Entity Category Research and Scholarship (R&S) supports research and scholarship interaction, collaboration or management as an essential component with release of mostly harmless attributes. For more information please see REFEDS Entity Category Research and Scholarship.

R&S is used in the eduGAIN interfederation to make services available to users of higher education institutions around the world. R&S makes it possible to automatically release mostly harmless attributes to Service Providers within the higher educational sector. The expected IdP behaviour is to release the subset of the R&S Category Attributes (eptid, eppn, email, displayName, surname, given name and scoped affiliation) that the Service Provider requires. The requested subset of attributes for a specific service is defined in metadata. There is furthermore an identity provider entity support category that should be registered for all IdPs that support the R&S Category; it can be used for filtering purposes in a discovery service.

Examples of services that use the entity category include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals.

Process for applying for tagging an identity provider with entity support category for REFEDS Research and Scholarship

For an identity provider to be tagged with R&S it must contact the federation that it has registered with. If the identity provider is registered within the SWAMID federation, the identity provider operator sends an e-mail to operations@swamid.se with a formal request. Please note that SWAMID Operations uses the results from the SWAMID Test utility to verify your IdP's category compliance. Run the compliance test before you send the request.

The request must contain the following information:

  • A statement that the identity provider releases attributes as described in the entity category REFEDS Research and Scholarship.

Upon receiving a request SWAMID operations will respond within two weeks.

GÉANT Dataprotection Code of Conduct Entity Category Support

entity-support-category URI: http://www.geant.net/uri/dataprotection-code-of-conduct/v1

eduGAIN enabled: Yes

Definition

The GÉANT Data protection Code of Conduct (CoCo) defines an approach at a European level to meet the requirements of the European Union Data Protection Directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct.

CoCo is used in the eduGAIN interfederation to make services available to users of European higher education institutions. CoCo makes it possible to automatically release mostly harmless attributes to Service Providers which fulfill the EU Data Protection Directive. The expected IdP behaviour is to release the subset of the attributes eptid, eppn, email, displayName, scoped affiliation and schacHomeOrganization that the Service Provider requires. The required subset of attributes for a specific service is defined in the mandatory Service Provider Privacy Policy. There is furthermore an identity provider entity support category that should be registered for all IdPs that support the R&S Category; it can be used for filtering purposes in a discovery service.

Process for applying for tagging an identity provider with entity support category for GÉANT Dataprotection Code of Conduct

For an identity provider to be tagged with CoCo it must contact the federation that it has registered with. If the identity provider is registered within the SWAMID federation, the identity provider operator sends an e-mail to operations@swamid.se with a formal request. Please note that SWAMID Operations uses the results from the SWAMID Test utility to verify your IdP's category compliance. Run the compliance test before you send the request.

The request must contain the following information:

  • A statement that the identity provider releases attributes as described in the entity category GÉANT Dataprotection Code of Conduct.

Upon receiving a request SWAMID operations will respond within two weeks.

Other Entity Categories

REFEDS Hide From Discovery

entity-category URI: http://refeds.org/category/hide-from-discovery

eduGAIN enabled: Yes

Definition

The Hide From Discovery entity category is a category of Identity Providers that are intended not to be shown on discovery interfaces by default. For more information please see REFEDS Hide From Discovery Entity Category.

The Hide From Discovery entity category is used for Identity Providers that should not be shown on discovery interfaces by default. Examples of Identity Providers that will use this entity category are new identity providers in pre-production tests. The SWAMID and NORDUnet discovery services support this entity category.
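How a discovery service can act on these tags, both the support-category filter described under R&S and the Hide From Discovery rule above, is shown in this added example (not SWAMID's or any discovery service's own code). The entityIDs and the trimmed metadata are constructed; the entity attribute names are the standard `http://macedir.org/entity-category` and `http://macedir.org/entity-category-support`.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EC = "http://macedir.org/entity-category"
EC_SUPPORT = "http://macedir.org/entity-category-support"
RS = "http://refeds.org/category/research-and-scholarship"
HIDE = "http://refeds.org/category/hide-from-discovery"

def _entity(entity_id, role, attrs):
    """Build one trimmed, constructed EntityDescriptor (sample data only)."""
    values = "".join(
        f'<saml:Attribute Name="{name}"><saml:AttributeValue>{v}'
        f'</saml:AttributeValue></saml:Attribute>' for name, v in attrs)
    return (f'<md:EntityDescriptor entityID="{entity_id}"><md:Extensions>'
            f'<mdattr:EntityAttributes>{values}</mdattr:EntityAttributes>'
            f'</md:Extensions><md:{role}/></md:EntityDescriptor>')

# Constructed aggregate with hypothetical entityIDs; not real SWAMID metadata.
SAMPLE = ('<md:EntitiesDescriptor ' +
          " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items()) + ">" +
          _entity("https://idp.a.example/idp", "IDPSSODescriptor", [(EC_SUPPORT, RS)]) +
          _entity("https://idp.b.example/idp", "IDPSSODescriptor",
                  [(EC_SUPPORT, RS), (EC, HIDE)]) +
          _entity("https://idp.c.example/idp", "IDPSSODescriptor", []) +
          _entity("https://sp.example/sp", "SPSSODescriptor", [(EC, RS)]) +
          "</md:EntitiesDescriptor>")

def tagged(entity, attr_name):
    """Values of one entity attribute (category or support-category URIs)."""
    found = set()
    for attr in entity.findall(
            "md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == attr_name:
            found.update(v.text.strip() for v in
                         attr.findall("saml:AttributeValue", NS) if v.text)
    return found

def discoverable_idps(metadata_xml, require_support=None):
    """entityIDs a discovery service would list by default."""
    # Assumes the aggregate's signature was verified before parsing.
    shown = []
    for entity in ET.fromstring(metadata_xml).iter(f"{{{NS['md']}}}EntityDescriptor"):
        is_idp = entity.find("md:IDPSSODescriptor", NS) is not None
        hidden = HIDE in tagged(entity, EC)  # e.g. IdP in pre-production tests
        supports = not require_support or require_support in tagged(entity, EC_SUPPORT)
        if is_idp and not hidden and supports:
            shown.append(entity.get("entityID"))
    return shown
```

With no filter the hidden IdP and the SP are dropped; passing `require_support=RS` further narrows the list to IdPs that signal R&S support.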

Process for applying for tagging an identity provider with entity category Hide From Discovery

For an identity provider to be tagged with Hide From Discovery it must contact the federation that it has registered with. If the identity provider is registered within the SWAMID federation the identity provider operator sends an e-mail to operations@swamid.se with a formal request.

Upon receiving a request SWAMID operations will respond within two weeks.