Page Comparison - 4.1 Entity Categories for Service Providers (v.128 vs v.129) - SWAMID

...

Expected attribute release

Attribute(s)	OID	Comment
transientId		SAML2 session user identifier.
eduPersonTargetedID	1.3.6.1.4.1.5923.1.1.1.10
eduPersonPrincipalName	1.3.6.1.4.1.5923.1.1.1.6
mail	0.9.2342.19200300.100.1.3	Can be more than one address released but Identity Providers are recommended to release only one.
displayName and/or givenName and sn	2.16.840.1.113730.3.1.241, 2.5.4.42, 2.5.4.4	A user's name can be released in different ways and it's recommended that the Service Provider can handle this.
eduPersonScopedAffiliation	1.3.6.1.4.1.5923.1.1.1.9

...

Expected minimal attribute availability for release (only if required)

Attribute(s)	OID	Comment
transientId		SAML2 session user identifier.
eduPersonTargetedID	1.3.6.1.4.1.5923.1.1.1.10	Only if required in Service Provider metadata!
eduPersonPrincipalName	1.3.6.1.4.1.5923.1.1.1.6	Only if required in Service Provider metadata!
mail	0.9.2342.19200300.100.1.3	Only if required in Service Provider metadata! Can be more than one address released but Identity Providers are recommended to release only one.
displayName and/or cn	2.16.840.1.113730.3.1.241, 2.5.4.3	Only if required in Service Provider metadata! A user's name can be released in different ways and it's recommended that the Service Provider can handle this.
eduPersonScopedAffiliation	1.3.6.1.4.1.5923.1.1.1.9	Only if required in Service Provider metadata!
schacHomeOrganization	1.3.6.1.4.1.25178.1.2.9	Only if required in Service Provider metadata!
schacHomeOrganizationType	1.3.6.1.4.1.25178.1.2.10	Only if required in Service Provider metadata!

...

Expected attribute release when paired with a SWAMID Data Protection Entity Category

Attribute(s)	OID	Comment
transientId		SAML2 session user identifier.
eduPersonTargetedID	1.3.6.1.4.1.5923.1.1.1.10
eduPersonAssurance	1.3.6.1.4.1.5923.1.1.1.11	One or more Assurance Profiles for the user if it is defined, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information.
eduPersonPrincipalName	1.3.6.1.4.1.5923.1.1.1.6
mail	0.9.2342.19200300.100.1.3	Can be more than one address released but Identity Providers are recommended to release only one.
displayName, cn and/or givenName and sn	2.16.840.1.113730.3.1.241, 2.5.4.3, 2.5.4.42, 2.5.4.4	A user's name can be released in different ways and it's recommended that the Service Provider can handle this.
eduPersonScopedAffiliation	1.3.6.1.4.1.5923.1.1.1.9
o	2.5.4.10
norEduOrgAcronym	1.3.6.1.4.1.2428.90.1.6
c	2.5.4.6
co	0.9.2342.19200300.100.1.43
schacHomeOrganization	1.3.6.1.4.1.25178.1.2.9

...

Expected attribute release

Attribute	OID	Comment
transientId		SAML2 session user identifier.
eduPersonTargetedID	1.3.6.1.4.1.5923.1.1.1.10
eduPersonAssurance	1.3.6.1.4.1.5923.1.1.1.11	One or more Assurance Profiles for the user if it is defined, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information.
norEduPersonNIN	1.3.6.1.4.1.2428.90.1.5	Swedish goverment Personal Identity Number, Swedish goverment temporary Co-ordination number or Swedish National Admission system interim identity number.

...

Most Identity Providers within SWAMID sends the per Service Provider unique user identifier eduPersonTargetedID (OID 1.3.6.1.4.1.5923.1.1.1.10) to and the SAML2 per session session user identifier transientId to all Service Providers.

Versions Compared

Old Version 128

New Version 129

Key

Expected attribute release

Expected minimal attribute availability for release (only if required)

Expected attribute release when paired with a SWAMID Data Protection Entity Category

Expected attribute release