...
If the owner of a Service and the Identity Provider Home Organisation have a bilateral agreement, the attribute release can be extended with additional attributes based on the agreement.
Please note that the old entity categories SWAMID Research and Education and SWAMID SFS 1993:1153 are deprecated and will be removed from all services' metadata at the end of 2022.
Best Practice attribute release based on entity categories
x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.
SAML2 Attribute Identifier | Friendly Name | Without entity category | Data protection Code of Conduct (REFEDS CoCo v2 and GÉANT CoCo v1) | REFEDS Personalized Access Entity Category | REFEDS Pseudonymous Authorization Access Entity Category | REFEDS Anonymous Authorization Access Entity Category | REFEDS Research and Scholarship Entity Category (R&S) | SWAMID R&E |
---|
Warning | No new EntityID will be permitted to use this category from 2020-09-01. |
Note | Attribute released "only if requested and required" in metadata [1]. Note that norEduPersonNIN and personalIdentityNumber have additional restrictions [2]. |
Warning | No new EntityID will be permitted to use this category from 2020-09-01. |
urn:oasis:names:tc:SAML:attribute:pairwise-id | pairwise-id |
|
|
| x |
|
|
urn:oasis:names:tc:SAML:attribute:subject-id | subject-id |
|
| x |
|
|
|
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | eduPersonTargetedID |
| o |
|
|
| x3 |
urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | eduPersonPrincipalName |
| o |
x |
|
|
| x |
urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | eduPersonOrcid |
| o |
|
|
|
|
urn:oid:1.3.6.1.4.1.2428.90.1.5 | norEduPersonNIN |
| o2 |
x |
|
|
|
|
urn:oid:1.2.752.29.4.13 | personalIdentityNumber |
| o2 |
|
|
|
|
urn:oid:1.3.6.1.4.1.25178.1.2.3 | schacDateOfBirth |
| o |
|
|
|
|
urn:oid:0.9.2342.19200300.100.1.3 | mail |
| o |
x | x |
|
| x |
urn:oid:2.16.840.1.113730.3.1.241 | displayName |
| o |
x | x |
|
| x |
urn:oid:2.5.4.3 | cn (aka commonName) |
| o |
x |
|
|
|
|
urn:oid:2.5.4.42 | givenName |
| o |
x | x |
|
| x |
urn:oid:2.5.4.4 | sn (aka surname) |
| o | x |
|
| x |
x | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | eduPersonAssurance |
| o | x | x |
| x4 |
x | x |
urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | eduPersonScopedAffiliation |
| o |
x | x | x | x | x |
urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | eduPersonAffiliation |
| o |
|
|
|
|
urn:oid:2.5.4.10 | o (aka organizationName) |
| o |
x |
|
|
|
|
urn:oid:1.3.6.1.4.1.2428.90.1.6 | norEduOrgAcronym |
| o |
x |
|
|
|
|
urn:oid:2.5.4.6 | c (aka countryName) |
| o |
x |
|
|
|
|
urn:oid:0.9.2342.19200300.100.1.43 | co (aka friendlyCountryName) |
| o |
x |
|
|
|
|
urn:oid:1.3.6.1.4.1.25178.1.2.9 | schacHomeOrganization |
| o | x | x | x |
x |
|
urn:oid:1.3.6.1.4.1.25178.1.2.10 | schacHomeOrganizationType |
| o |
|
|
|
|
1. The REFEDS and GÉANT Code of Conduct entity categories do not have a specific attribute bundle. Instead of an attribute bundle, they use attribute requests in metadata for specific required attributes.
2. norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered in SWAMID (registrationAuthority="http://www.swamid.se/").
   - personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
   - norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
3. eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable. Under the SWAMID Assurance Profiles, all Identity Providers in SWAMID must keep it long-term unique, and therefore eduPersonTargetedID should normally not be released.
4. Within SWAMID the REFEDS Research and Scholarship Entity Category is extended to also include eduPersonAssurance.
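The Code of Conduct and norEduPersonNIN/personalIdentityNumber notes above, as an added Python example (not SWAMID's own code or configuration): it reads a service's SAML metadata and returns what an Identity Provider would release under the "o" rule. The sample metadata, the entityID and the function names are constructed for illustration, and the sketch assumes every requested attribute is one the table marks with "o".

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
XMLNS = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
COCO = {"http://www.geant.net/uri/dataprotection-code-of-conduct/v1",
        "https://refeds.org/category/code-of-conduct/v2"}
SWAMID_RA = "http://www.swamid.se/"
NIN, PIN = "urn:oid:1.3.6.1.4.1.2428.90.1.5", "urn:oid:1.2.752.29.4.13"
MAIL, DISPLAY_NAME = "urn:oid:0.9.2342.19200300.100.1.3", "urn:oid:2.16.840.1.113730.3.1.241"

def sample_sp(authority, category):
    """Constructed SP metadata: requires NIN and mail, requests displayName as optional."""
    return f"""<md:EntityDescriptor {XMLNS} entityID="https://sp.example.org/sp">
 <md:Extensions>
  <mdrpi:RegistrationInfo registrationAuthority="{authority}"/>
  <mdattr:EntityAttributes><saml:Attribute Name="http://macedir.org/entity-category">
   <saml:AttributeValue>{category}</saml:AttributeValue>
  </saml:Attribute></mdattr:EntityAttributes>
 </md:Extensions>
 <md:SPSSODescriptor><md:AttributeConsumingService index="0">
  <md:RequestedAttribute Name="{NIN}" isRequired="true"/>
  <md:RequestedAttribute Name="{MAIL}" isRequired="true"/>
  <md:RequestedAttribute Name="{DISPLAY_NAME}" isRequired="false"/>
 </md:AttributeConsumingService></md:SPSSODescriptor>
</md:EntityDescriptor>"""

def coco_release(sp_metadata_xml, user_attrs):
    """Attributes released under the 'o' rule: requested AND required AND available."""
    ed = ET.fromstring(sp_metadata_xml)  # assumes metadata already signature-verified
    cats = {(v.text or "").strip() for v in ed.findall(
        ".//saml:Attribute[@Name='http://macedir.org/entity-category']/saml:AttributeValue", NS)}
    if not cats & COCO:
        return {}  # this sketch models only the Code of Conduct column
    reg = ed.find(".//mdrpi:RegistrationInfo", NS)
    authority = reg.get("registrationAuthority") if reg is not None else None
    released = {}
    for req in ed.findall(".//md:RequestedAttribute", NS):
        name = req.get("Name")
        if req.get("isRequired", "false") not in ("true", "1"):
            continue  # requested but not required: not released
        if name in (NIN, PIN) and authority != SWAMID_RA:
            continue  # identity numbers go only to SWAMID-registered entities
        if name in user_attrs:  # released only if the Home Organisation has it
            released[name] = user_attrs[name]
    return released
```
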
URI for all entity categories used within SWAMID
Entity category | Unique identifier | Status |
---|
GÉANT Data Protection Code of Conduct Entity Category | http://www.geant.net/uri/dataprotection-code-of-conduct/v1 | |
REFEDS Data Protection Code of Conduct Entity Category | https://refeds.org/category/code-of-conduct/v2 | |
REFEDS Personalized Access Entity Category | https://refeds.org/category/personalized | |
REFEDS Pseudonymous Authorization Access Entity Category | https://refeds.org/category/pseudonymous | |
REFEDS Anonymous Authorization Access Entity Category | https://refeds.org/category/anonymous | |
REFEDS Research and Scholarship Entity Category (R&S) | http://refeds.org/category/research-and-scholarship | |
European Student Identifier Entity Category (ESI) | https://myacademicid.org/entity-categories/esi | |
SWAMID R&E | http://www.swamid.se/category/research-and-education | Deprecated |
SWAMID SFS-1993-1153 | http://www.swamid.se/category/sfs-1993-1153 | Deprecated |
SWAMID EU-Adequate-Protection | http://www.swamid.se/category/eu-adequate-protection | Deprecated |
SWAMID NREN-Service | http://www.swamid.se/category/nren-service | Deprecated |
SWAMID HEI-Service | http://www.swamid.se/category/hei-service | Deprecated |
URI for all assurance profiles used within SWAMID
Entity category | Unique identifier | Status |
---|
SWAMID AL1 | http://www.swamid.se/policy/assurance/al1 | |
SWAMID AL2 | http://www.swamid.se/policy/assurance/al2 | |
SWAMID AL3 | http://www.swamid.se/policy/assurance/al3 | |
SWAMID AL2-MFA-HI | https://www.swamid.se/policy/authentication/swamid-al2-mfa-hi | Deprecated |
REFEDS Assurance Framework | https://refeds.org/assurance/* | |
REFEDS Security Incident Response Trust Framework for Federated Identity (SIRTFI) version 1 | https://refeds.org/sirtfi | |
REFEDS Security Incident Response Trust Framework for Federated Identity (SIRTFI) version 2 | https://refeds.org/sirtfi2 | |