...

Examples of services that use the entity category include (but are not limited to) collaborative tools and services such as wikis, blogs, and project and grant management tools that require some personal information about users to work effectively. This Entity Category should not be used for access to licensed content such as e-journals.

...

For a service to be tagged with REFEDS Research and Scholarship (R&S) it must contact the federation that it has registered with. If the service is registered within the SWAMID federation the service operator sends an e-mail to operations@swamid.se with a formal request that contains the information below. Upon receiving the request SWAMID operations will respond within two weeks.

...

  • URL beginning with https to the service logotype for use in Identity Providers login pages and Discovery Services.
  • URL to a web page with the service privacy policy in English and maybe Swedish.
  • URL to an informational web page that describes the service in English and probably in Swedish.

Besides the formal requirements and recommendations of REFEDS R&S it is highly recommended that the service also adheres to the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi).

...

Attribute(s) | SAML2 Attribute Identifier | Comment
eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | Should only be released by the Identity Provider if eduPersonPrincipalName is re-assignable to another user.
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
eduPersonUniqueID | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | eduPersonUniqueID is a long-term unique identifier that will not be reused by the Identity Provider. It may have the same value as eduPersonPrincipalName if that attribute is non-re-assignable.
eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 |
norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | Within SWAMID norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system. SWAMID Identity Providers only release this attribute to services registered in SWAMID.
personalIdentityNumber | urn:oid:1.2.752.29.4.13 | Within SWAMID personalIdentityNumber only contains Swedish Personal Numbers or Swedish Co-ordination Numbers. SWAMID Identity Providers only release this attribute to services registered in SWAMID.
schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 |
mail | urn:oid:0.9.2342.19200300.100.1.3 | More than one address can be released, but Identity Providers are recommended to release only one.
displayName | urn:oid:2.16.840.1.113730.3.1.241 |
givenName | urn:oid:2.5.4.42 |
sn (surname) | urn:oid:2.5.4.4 |
cn (commonName) | urn:oid:2.5.4.3 | Because cn is used for different things in different identity management systems, it is highly recommended to use the attribute displayName instead.
eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | Services shall only expect this attribute to be available from Identity Providers within SWAMID.
eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 |
eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | Because eduPersonAffiliation is not domain-scoped, it is highly recommended to use the attribute eduPersonScopedAffiliation instead.
o (organizationName) | urn:oid:2.5.4.10 | This attribute is also available as a metadata attribute.
norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 |
c (countryName) | urn:oid:2.5.4.6 |
co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 |
schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 |
schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 |
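As an added example (not SWAMID's own code), the following reads the registration authority and entity-category tags from an SP's SAML metadata and applies the release rules stated in the table above: norEduPersonNIN and personalIdentityNumber only to SWAMID-registered services, eduPersonTargetedID only when eduPersonPrincipalName is re-assignable, and a single mail value. The sample SP record is constructed, and the SWAMID registrationAuthority URI is an assumption.

```python
import xml.etree.ElementTree as ET

# Standard SAML metadata namespaces; the SWAMID registrationAuthority value is an assumption.
NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_CATEGORY = "http://macedir.org/entity-category"
RS = "http://refeds.org/category/research-and-scholarship"
COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
SWAMID_RA = "http://www.swamid.se/"  # assumed registrationAuthority for SWAMID-registered entities
SWAMID_ONLY = {"norEduPersonNIN", "personalIdentityNumber"}  # per the table: SWAMID-registered SPs only

# Constructed sample SP metadata (not a real entity): registered in SWAMID and tagged R&S.
SAMPLE_SP = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
    xmlns:mdrpi="{NS['mdrpi']}" xmlns:saml="{NS['saml']}" entityID="https://wiki.example.org/sp">
  <md:Extensions>
    <mdrpi:RegistrationInfo registrationAuthority="{SWAMID_RA}"/>
    <mdattr:EntityAttributes><saml:Attribute Name="{ENTITY_CATEGORY}">
      <saml:AttributeValue>{RS}</saml:AttributeValue>
    </saml:Attribute></mdattr:EntityAttributes>
  </md:Extensions>
</md:EntityDescriptor>"""

def sp_facts(xml_text):
    """Return (registrationAuthority or None, set of entity-category URIs) from one SP's metadata."""
    root = ET.fromstring(xml_text)
    ra = root.find("md:Extensions/mdrpi:RegistrationInfo", NS)
    path = (f"md:Extensions/mdattr:EntityAttributes/saml:Attribute[@Name='{ENTITY_CATEGORY}']"
            "/saml:AttributeValue")
    cats = {v.text.strip() for v in root.findall(path, NS) if v.text}
    return (ra.get("registrationAuthority") if ra is not None else None), cats

def filter_release(user_attrs, xml_text, eppn_reassignable):
    """Apply the table's rules; returns (released, dropped_with_reason, recognized policy)."""
    ra, cats = sp_facts(xml_text)
    released, dropped = {}, {}
    for name, values in user_attrs.items():
        if name in SWAMID_ONLY and ra != SWAMID_RA:
            dropped[name] = "only released to services registered in SWAMID"
        elif name == "eduPersonTargetedID" and not eppn_reassignable:
            dropped[name] = "not needed: eduPersonPrincipalName is non-re-assignable"
        elif name == "mail":
            released[name] = list(values)[:1]  # recommended: release only one address
        else:
            released[name] = list(values)
    policy = "R&S" if RS in cats else "CoCo" if COCO in cats else "no recognized entity category"
    return released, dropped, policy
```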

...

For a service to be tagged with the GÉANT Data Protection Code of Conduct (CoCo) it must contact the federation that it has registered with. If the service is registered within the SWAMID federation the service operator sends an e-mail to operations@swamid.se with a formal request that contains the information below. Upon receiving the request SWAMID operations will respond within two weeks.

The request must contain the following administrative information:

  • Purpose and scope of the service.
  • A list of the required attributes that the service needs to function. It is possible to require more than one attribute of a specific type, e.g. name and identifier attributes, to increase the possibility of getting the needed set of attributes.
  • Documentation which proves that the service has fulfilled all the requirements for CoCo.

The request must contain the following information for metadata publication:

  • Well-functioning SAML2 metadata for the service with an entityID in URL form.
  • Display name for the Service in Swedish and English for use in Identity Providers login pages and Discovery Services.
  • Short description of the Service in Swedish and English for use in Identity Providers login pages and Discovery Services.
  • Mail address to the technical and/or support contact for the service.
  • Organisation name of the organisation delivering the service.
  • URL to the organisation delivering the service.
  • URL to a web page with the service privacy policy in English and maybe Swedish. The privacy policy must at least contain:
    • the name, address and jurisdiction of the Service Provider;
    • the purpose or purposes of the processing of the Attributes;
    • a description of the Attributes being processed;
    • the third party recipients or categories of third party recipient to whom the Attributes might be disclosed, and proposed transfers of Attributes to countries outside of the European Economic Area;
    • the existence of the rights to access, rectify and delete the Attributes held about the End User;
    • the retention period of the Attributes; and
    • a reference to this Code of Conduct including the formal reference URL http://www.geant.net/uri/dataprotection-code-of-conduct/v1.

It is highly recommended that the request also contains the following information for metadata publication:

  • URL beginning with https to the service logotype for use in Identity Providers login pages and Discovery Services.
  • URL to an informational web page that describes the service in English and probably in Swedish.

Besides the formal requirements and recommendations of the GÉANT Data Protection Code of Conduct it is highly recommended that the service also adheres to the REFEDS Security Incident Response Trust Framework for Federated Identity (Sirtfi). Sirtfi will be mandatory in the next version of this code of conduct.

Release without any recognized Entity Categories

...