Versions Compared

Old Version 135

changes.mady.by.user Pål Axelsson

Saved on

compared with

New Version 136

changes.mady.by.user Pål Axelsson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Example of services that uses the entity category includes (but are not limited to) collaborative tools and services such as wikis, blogs, project and grant management tools that require some personal information about users to work effectively.  This Entity Category should not be used for access to licensed content such as e-journals.

Expected attribute release from an Identity Provider

Attribute(s)OIDSAML2 Attribute IdentifierComment
transientId SAML2 session user identifier.
eduPersonTargetedIDurn:oid:1.3.6.1.4.1.5923.1.1.1.10 

Only released if eduPersonPrincipalName is reassignable in the Identity Provider.

eduPersonPrincipalNameurn:oid:1.3.6.1.4.1.5923.1.1.1.6 
eduPersonUniqueIDurn:oid:1.3.6.1.4.1.5923.1.1.1.13

eduPersonUniqueID is a long term unique identifier that will not be reused by the Identity Provider. It may be the same value as eduPersonPrincipalName if that attriubte is non-reassignable.

Service can only expect this attribute to available from Identity Providers within SWAMID.

mailurn:oid:0.9.2342.19200300.100.1.3mail0.9.2342.19200300.100.1.3Can be more than one address released but Identity Providers are recommended to release only one.
displayName and/or givenName and sn

urn:oid:2.16.840.1.113730.3.1.241,
urn:oid:2.5.4.42,
urn:oid:2.5.4.4

A user's name can be released in different ways and it's recommended that the Service Provider can handle this.
eduPersonAssuranceurn:oid:1.3.6.1.4.1.5923.1.1.1.11Service can only expect this attribute to available from Identity Providers within SWAMID.
eduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9 

...

Examples of services that are viable for this entity category is a course registration self service and a student account creation service, a learning progression registration service and an internship administration self service.

Expected attribute release

AttributeOIDComment
transientId SAML2 session user identifier.
eduPersonTargetedID1.3.6.1.4.1.5923.1.1.1.10 
eduPersonAssurance1.3.6.1.4.1.5923.1.1.1.11One or more Assurance Profiles for the user if it is defined, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information.
norEduPersonNIN1.3.6.1.4.1.2428.90.1.5Swedish goverment Personal Identity Number, Swedish goverment temporary Co-ordination number or Swedish National Admission system interim identity number.

...