Entity Category attribute release in SWAMID

Entity categories is used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.

If an owner of a Service and the Identity Provider Home Organisation has a bilateral agreement the attribute release can be extended with additional attributes based on the agreement.

Best Practice attribute release based on entity categories

x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.

AttributSAML2 Attribute IdentifierWithout enitity categoryGÉANT CoCoREFEDS R&SSWAMID R&E

SWAMID SFS-1993-1153




Restriction

Attribute released "only if requested and required" in metadata1.

Note that norEduPersonNIN and personalIdentityNumber has additional restrictions2.


Deprecated and will be removed from 2020-05-01

This entity category is deprecated and will be removed from 2020-05-01. Use REFEDS R&S or GÉANT CoCo instead depending on service. Last use of this entity category is 2020-10-31. No new EntityID will be permitted to use this category from 2019-11-01.

Dependency

SWAMID R&E is used in pair with one of the entity categories SWAMID EU-Adequate-Protection, SWAMID NREN-Service and SWAMID HEI-Service

Deprecated and will be removed from 2020-05-01

This entity category is deprecated and will be removed from 2020-05-01. Use GÉANT CoCo with entity registrar requirements. Last use of this entity category is 2020-10-31. No new EntityID will be permitted to use this category from 2019-11-01.

Restriction

Attributes released only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or a organisational student interim identity number (sv. interimspersonnummer)

eduPersonTargetedIDurn:oid:1.3.6.1.4.1.5923.1.1.1.10
ox3

eduPersonPrincipalNameurn:oid:1.3.6.1.4.1.5923.1.1.1.6 oxx 
eduPersonUniqueID4urn:oid:1.3.6.1.4.1.5923.1.1.1.13 oxx 
eduPersonOrcidurn:oid:1.3.6.1.4.1.5923.1.1.1.16 o 
 
norEduPersonNINurn:oid:1.3.6.1.4.1.2428.90.1.5 o2
 x
personalIdentityNumberurn:oid:1.2.752.29.4.13 o2
  
schacDateOfBirthurn:oid:1.3.6.1.4.1.25178.1.2.3 
o


mailurn:oid:0.9.2342.19200300.100.1.3 oxx 
displayNameurn:oid:2.16.840.1.113730.3.1.241 oxx 
cn (commonName)urn:oid:2.5.4.3 o x 
givenNameurn:oid:2.5.4.42 oxx 
sn (surname)urn:oid:2.5.4.4 oxx 
eduPersonAssuranceurn:oid:1.3.6.1.4.1.5923.1.1.1.11 oxxx
eduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9 oxx 
eduPersonAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.1 o   
o (organizationName)urn:oid:2.5.4.10 o x 
norEduOrgAcronymurn:oid:1.3.6.1.4.1.2428.90.1.6 o x 
c (countryName)urn:oid:2.5.4.6 o x 
co (friendlyCountryName)urn:oid:0.9.2342.19200300.100.1.43 o x 
schacHomeOrganizationurn:oid:1.3.6.1.4.1.25178.1.2.9 o x 
schacHomeOrganizationTypeurn:oid:1.3.6.1.4.1.25178.1.2.10 o   


  1. The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle it uses attribute request in metadata for specific required attributes.
  2. norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered with in SWAMID (registrationAuthority="http://www.swamid.se/").
    • personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
    • norEduPersonNIN can besides  Swedish Personal Numbers and Swedish Co-ordination Numbers also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
  3. eduPersonTargetedID should only be released in with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
  4. eduPersonUniqueID must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName.

URI for all entity categories used within SWAMID

Entity categoryUnique identifier
GÉANT CoCohttp://www.geant.net/uri/dataprotection-code-of-conduct/v1
REFEDS R&Shttp://refeds.org/category/research-and-scholarship
SWAMID R&Ehttp://www.swamid.se/category/research-and-educationIs deprecated and will be completely removed 2020-11-01
SWAMID SFS-1993-1153http://www.swamid.se/category/sfs-1993-1153Is deprecated and will be completely removed 2020-11-01
SWAMID EU-Adequate-Protectionhttp://www.swamid.se/category/eu-adequate-protectionIs deprecated and will be completely removed 2020-11-01
SWAMID NREN-Servicehttp://www.swamid.se/category/nren-serviceIs deprecated and will be completely removed 2020-11-01
SWAMID HEI-Servicehttp://www.swamid.se/category/hei-serviceIs deprecated and will be completely removed 2020-11-01


URI for all assurance profiles used within SWAMID



  • No labels