...
REFEDS (the Research and Education FEDerations group) is the standards organisation within the academic identity federation community. The aim is to enable, simplify and minimise attribute release from Identity Providers to Service Providers: a service should never ask for more attributes than it needs to deliver the service to the end user. Based on this assumption, REFEDS has created three new hierarchical entity categories: Anonymous Access is for services that don't need any personalized information; Pseudonymous Access is for services that support personalization between sessions but have no need for personally identifiable information; and Personalized Access is for services that need personally identifiable information. You should use more than one of these entity categories for the same service. Research and Scholarship (R&S) is more or less the same as Personalized Access but has more restricted use cases and another set of identifiers. For services that need attributes other than those supported by the fixed attribute bundles, the REFEDS/GÉANT Data Protection Code of Conduct entity categories are used.
| | Anonymous Access | Pseudonymous Access | Personalized Access | Research and Scholarship (R&S) |
|---|---|---|---|---|
| Organisation | eduPersonScopedAffiliation, schacHomeOrganization | eduPersonScopedAffiliation, schacHomeOrganization | eduPersonScopedAffiliation, schacHomeOrganization | eduPersonScopedAffiliation (optional) |
| User identifier | X | samlPairwiseID | samlSubjectID | eduPersonPrincipalName (if non-reassigned) or eduPersonPrincipalName + eduPersonTargetedID |
| Person name | X | X | displayName, givenName, sn | displayName or givenName + sn |
| | X | X | | |
| Assurance | X | eduPersonAssurance | eduPersonAssurance | eduPersonAssurance (only within SWAMID) |
| Entitlement | X | X | X | X |
REFEDS Anonymous Access Entity Category
...