...
If the owner of a Service and the Identity Provider Home Organisation have a bilateral agreement, the attribute release can be extended with additional attributes based on that agreement.
...
Best Practice attribute release based on entity categories
x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.
Attribute | SAML2 Attribute Identifier | Without entity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | SWAMID SFS-1993-1153
---|---|---|---|---|---|---
eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | o | x23
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | o | x | x
eduPersonUniqueID34 | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | o | x | x
eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | o
norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | o42 | x
personalIdentityNumber | urn:oid:1.2.752.29.4.13 | o42
schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 | o
mail | urn:oid:0.9.2342.19200300.100.1.3 | o | x | x
displayName | urn:oid:2.16.840.1.113730.3.1.241 | o | x | x
cn (commonName) | urn:oid:2.5.4.3 | o | x
givenName | urn:oid:2.5.4.42 | o | x | x
sn (surname) | urn:oid:2.5.4.4 | o | x | x
eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | o | x | x | x
eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | o | x | x
eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | o
o (organizationName) | urn:oid:2.5.4.10 | o | x
norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | o | x
c (countryName) | urn:oid:2.5.4.6 | o | x
co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | o | x
schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | o | x
schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 | o
...
- The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle, it uses attribute requests in metadata for the specific required attributes.
...
...
- norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered within SWAMID (registrationAuthority="http://www.swamid.se/").
...
- personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
- norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
- eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
- eduPersonUniqueID must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
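
The release rules in the legend and notes above, written out as one decision function. This is an added example, not SWAMID's own code or configuration: the `release` helper, the layout of the `sp` dictionary and the sample R&S bundle are assumptions made for illustration, and returning nothing for a service with neither category is this example's choice.

```python
COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
RANDS = "http://refeds.org/category/research-and-scholarship"
SWAMID_RA = "http://www.swamid.se/"
NATIONAL_IDS = {"norEduPersonNIN", "personalIdentityNumber"}

# Assumed sample bundle for the "x" rule; the table on the page is authoritative.
SAMPLE_BUNDLES = {
    RANDS: {"eduPersonTargetedID", "eduPersonPrincipalName", "mail",
            "displayName", "givenName", "sn", "eduPersonScopedAffiliation"},
}

def release(sp, available, eppn_reassignable, bundles=SAMPLE_BUNDLES):
    """Names of the attributes to release to `sp` (hypothetical helper).

    sp: dict with 'categories' (set of URIs), 'registration_authority' and
        'required' (names marked as required in the SP's metadata).
    available: dict of attribute name -> value the IdP holds for the user.
    """
    cats, required = set(sp["categories"]), set(sp["required"])
    out = set()
    # "x": bundle attributes are released whenever the IdP has them.
    for cat in cats:
        out |= bundles.get(cat, set())
    # eduPersonTargetedID goes out with R&S only if ePPN is reassignable.
    if RANDS in cats and not eppn_reassignable:
        out.discard("eduPersonTargetedID")
    # "o": CoCo has no bundle, only attributes required in metadata.
    if COCO in cats:
        out |= required
    # National identity numbers: only when required by a SWAMID-registered SP.
    if sp["registration_authority"] != SWAMID_RA:
        out -= NATIONAL_IDS
    out -= NATIONAL_IDS - required
    return {name for name in out if name in available}

# Constructed sample data (not real users or services).
USER = {"eduPersonPrincipalName": "alice@example.org", "mail": "alice@example.org",
        "eduPersonTargetedID": "opaque-1", "displayName": "Alice Example",
        "norEduPersonNIN": "constructed-value", "schacDateOfBirth": "19700101"}
SP_RS = {"categories": {RANDS}, "registration_authority": "https://ra.example.org/",
         "required": set()}
SP_COCO = {"categories": {COCO}, "registration_authority": "https://ra.example.org/",
           "required": {"mail", "norEduPersonNIN"}}
SP_COCO_SWAMID = dict(SP_COCO, registration_authority=SWAMID_RA)

if __name__ == "__main__":
    for sp in (SP_RS, SP_COCO, SP_COCO_SWAMID):
        print(sorted(release(sp, USER, eppn_reassignable=False)))
```

The same CoCo service receives norEduPersonNIN only in the variant registered by SWAMID, and schacDateOfBirth is never released because no service in the sample requires it.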
URI for all entity categories used within SWAMID
Entity category | Unique identifier | Status
---|---|---
GÉANT CoCo | http://www.geant.net/uri/dataprotection-code-of-conduct/v1 |
REFEDS R&S | http://refeds.org/category/research-and-scholarship |
SWAMID R&E | http://www.swamid.se/category/research-and-education | Under process to be deprecated. Is deprecated and will be completely removed 2021-03-31
SWAMID SFS-1993-1153 | http://www.swamid.se/category/sfs-1993-1153 | Is deprecated and will be completely removed 2021-03-31
SWAMID EU-Adequate-Protection | http://www.swamid.se/category/eu-adequate-protection | Under process to be deprecated. Is deprecated and will be completely removed 2021-03-31
SWAMID NREN-Service | http://www.swamid.se/category/nren-service | Under process to be deprecated. Is deprecated and will be completely removed 2021-03-31
SWAMID HEI-Service | http://www.swamid.se/category/hei-service | Under process to be deprecated. Is deprecated and will be completely removed 2021-03-31
URI for all assurance profiles used within SWAMID
Entity category | Unique identifier
---|---
SWAMID AL1 | http://www.swamid.se/policy/assurance/al1
SWAMID AL2 | http://www.swamid.se/policy/assurance/al2
SWAMID AL2-MFA-HI | https://www.swamid.se/policy/authentication/swamid-al2-mfa-hi
REFEDS Assurance Framework | https://refeds.org/assurance/*
REFEDS SIRTFI | https://refeds.org/sirtfi
...