...
CoCo is used in the eduGAIN interfederation to make services available to users of European higher education institutions. The CoCo makes it possible to automatically release mostly harmless attributes to Service Providers which fulfill the EU Data Protection Directive. The expected IdP behaviour is to release the Service Provider required subset of the attributes eptid, eppn, mail, displayName, scoped affiliation and schacHomeOrganization. The required subset of attributes for a specific service is defined in the mandatory Service Provider Privacy Policy. There is furthermore an identity provider entity support category that should be registered for all IdP that supports the R&S Category that can be used for filter purpose in a discovery service.
Expected minimal attribute availability for release (only if required)
Attribute(s) | OID | Comment |
---|---|---|
eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | Only if required in Service Provider metadata! |
eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | Only if required in Service Provider metadata! |
0.9.2342.19200300.100.1.3 | Only if required in Service Provider metadata! Can be more than one address released but Identity Providers are recommended to release only one. | |
displayName and/or cn | 2.16.840.1.113730.3.1.241, | Only if required in Service Provider metadata! A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | Only if required in Service Provider metadata! |
schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | Only if required in Service Provider metadata! |
schacHomeOrganizationType | 1.3.6.1.4.1.25178.1.2.10 | Only if required in Service Provider metadata! |
...
Examples of services that are viable for this entity category is a course registration self service and a student account creation service, a learning progression registration service and an internship administration self service.
Expected attribute release
Attribute | OID | Comment |
---|---|---|
eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance profiles for the user if it is defined, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance" for more information. |
norEduPersonNIN | 1.3.6.1.4.1.2428.90.1.5 | Swedish goverment Personal Identity Number, Swedish goverment temporary Co-ordination number or Swedish National Admission system interim identity number. |
...