...

Examples of services that use the entity category include (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals.

Expected attribute release

| Attribute(s) | OID | Comment |
| --- | --- | --- |
| eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
| eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | |
| mail | 0.9.2342.19200300.100.1.3 | Can be more than one address released but Identity Providers are recommended to release only one. |
| displayName and/or givenName and sn | 2.16.840.1.113730.3.1.241, 2.5.4.42, 2.5.4.4 | A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
| eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | |

Process for applying for tagging a service with entity category REFEDS Research and Scholarship

...

CoCo is used in the eduGAIN interfederation to make services available to users of European higher education institutions. The CoCo makes it possible to automatically release mostly harmless attributes to Service Providers which fulfill the EU Data Protection Directive. The expected IdP behaviour is to release the subset of the attributes eptid, eppn, mail, displayName, scoped affiliation and schacHomeOrganization that the Service Provider requires. The required subset of attributes for a specific service is defined in the mandatory Service Provider Privacy Policy. Furthermore, there is an identity provider entity support category that should be registered for all IdPs that support the R&S Category; it can be used for filtering in a discovery service.

Expected attribute release

| Attribute(s) | OID | Comment |
| --- | --- | --- |
| eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | Only if required in Service Provider metadata! |
| eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | Only if required in Service Provider metadata! |
| mail | 0.9.2342.19200300.100.1.3 | Only if required in Service Provider metadata! Can be more than one address released but Identity Providers are recommended to release only one. |
| displayName and/or cn | 2.16.840.1.113730.3.1.241, 2.5.4.3 | Only if required in Service Provider metadata! A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
| eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | Only if required in Service Provider metadata! |
| schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | Only if required in Service Provider metadata! |
| schacHomeOrganizationType | 1.3.6.1.4.1.25178.1.2.10 | Only if required in Service Provider metadata! |

Process for applying for tagging a service with entity category GÉANT Dataprotection Code of Conduct

For a service to be tagged with CoCo it must contact the federation that it has registered with. If the service is registered within the SWAMID federation the service operator sends an e-mail to operations@swamid.se with a formal request.

...

Tip

Entity categories are additive; this means that one Service Provider can have both research-and-education and sfs-1993-1153.

name below means givenName, surname, initials, displayName.

| Category | Description | Expected IdP Behavior |
| --- | --- | --- |
| research-and-education | SP is an application that directly or indirectly supports HEI institutions. | Release eptid, eppn, email, name and scoped affiliation plus static organisational information only if the SP is in any of the above defined SWAMID Data Protection Entity Categories. |
| sfs-1993-1153 | SP is an application that fulfills SFS 1993:1153 | Release norEduPersonNIN. |

SWAMID Research & Education

...

For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommon's Research & Scholarship Category. The expected IdP behaviour is to release name, eppn, eptid, mail, eduPersonAssurance and eduPersonScopedAffiliation only if the service is also in at least one of the safe data processing categories. It is also recommended that static organisational information is released. If the Identity Provider home organisation has fulfilled the requirements for SWAMID Assurance Profiles, eduPersonAssurance should also be released.

Expected attribute release when paired with a SWAMID Data Protection Entity Category

| Attribute(s) | OID | Comment |
| --- | --- | --- |
| eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
| eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | Assurance level for the user, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance" for more information. |
| eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | |
| mail | 0.9.2342.19200300.100.1.3 | Can be more than one address released but Identity Providers are recommended to release only one. |
| displayName, cn and/or givenName and sn | 2.16.840.1.113730.3.1.241, 2.5.4.3, 2.5.4.42, 2.5.4.4 | A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
| eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | |
| o | 2.5.4.10 | |
| norEduOrgAcronym | 1.3.6.1.4.1.2428.90.1.6 | |
| c | 2.5.4.6 | |
| co | 0.9.2342.19200300.100.1.43 | |
| schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | |

Process for applying for tagging a service with entity category Research & Education

...

Examples of services that are viable for this entity category are a course registration self-service, a student account creation service, a learning progression registration service and an internship administration self-service.

Expected attribute release

| Attribute | OID | Comment |
| --- | --- | --- |
| eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | Recommended release to all Service Providers |
| eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | Assurance level for the user, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance" for more information. |
| norEduPersonNIN | 1.3.6.1.4.1.2428.90.1.5 | Swedish government Personal Identity Number, Swedish government temporary Co-ordination number or Swedish National Admission system interim identity number |
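The release rules from the attribute tables on this page, combined into one decision function. This is an added example, not SWAMID's or any IdP product's own code. It assumes shorthand category labels rather than the registered entity-category URIs, a caller-supplied set of data protection categories, and that the assurance condition applies to every category.

```python
# Added example. Attribute names come from the tables on this page; the
# category labels are shorthand, not the registered entity-category URIs.
RS, COCO, RE, SFS = ("research-and-scholarship", "coco",
                     "research-and-education", "sfs-1993-1153")

RS_BUNDLE = {"eduPersonTargetedID", "eduPersonPrincipalName", "mail",
             "displayName", "givenName", "sn", "eduPersonScopedAffiliation"}
# CoCo: an upper bound; only what the SP marks as required is released.
COCO_ALLOWED = {"eduPersonTargetedID", "eduPersonPrincipalName", "mail",
                "displayName", "cn", "eduPersonScopedAffiliation",
                "schacHomeOrganization", "schacHomeOrganizationType"}
RE_BUNDLE = RS_BUNDLE | {"cn", "eduPersonAssurance", "o", "norEduOrgAcronym",
                         "c", "co", "schacHomeOrganization"}
SFS_BUNDLE = {"eduPersonTargetedID", "eduPersonAssurance", "norEduPersonNIN"}


def attributes_to_release(sp_categories, sp_required, data_protection,
                          idp_meets_assurance=False):
    """Return the attribute names an IdP would release to one SP.

    sp_categories       -- entity categories the SP is tagged with
    sp_required         -- attributes marked as required in the SP metadata
    data_protection     -- labels the caller treats as data protection
                           categories (assumption: not listed on this page)
    idp_meets_assurance -- home organisation fulfils an assurance profile
    """
    cats = set(sp_categories)
    release = set()              # categories are additive: union of grants
    if RS in cats:
        release |= RS_BUNDLE
    if COCO in cats:             # never more than the SP asked for
        release |= COCO_ALLOWED & set(sp_required)
    if RE in cats and cats & set(data_protection):
        release |= RE_BUNDLE     # research-and-education alone grants nothing
    if SFS in cats:
        release |= SFS_BUNDLE
    if not idp_meets_assurance:  # assumption: condition applied to all categories
        release.discard("eduPersonAssurance")
    return release


if __name__ == "__main__":
    # Constructed sample SP: tagged with both categories, asks only for mail.
    print(sorted(attributes_to_release({COCO, SFS}, {"mail"}, {COCO})))
```

An SP tagged only with research-and-education receives nothing here, which is the case worth checking first when reviewing an IdP's attribute filter against these categories.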

Process for applying for tagging a service with entity category SFS 1993:1153

...

Definition

The application is compliant with either

 

0.9.2342.19200300.100.1.43