Entity categories are used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.
If the owner of a Service and the Identity Provider's Home Organisation have a bilateral agreement, the attribute release can be extended with additional attributes based on that agreement.
Best Practice attribute release based on entity categories
x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.
Attribute | SAML2 Attribute Identifier | Without entity category |
---|
The table below defines which attributes are expected to be sent from an IdP within SWAMID to an SP within SWAMID or eduGAIN.
Attribute | Without entity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | |
---|
Eleg loa2-pnr | Dependencies | | Only if required | | Only together with one of the entity categories
|
---|
|
|
|
Note |
---|
| Attribute released "only if requested and required" in metadata1. Note that norEduPersonNIN and personalIdentityNumber have additional restrictions2. |
|
|
Warning |
---|
title | Deprecated and will be removed from 2021-03-31 |
---|
| No new EntityID will be permitted to use this category from SWAMID 2020-09-01.
This entity category is deprecated and will be removed from all entities 2021-03-31. The process of removal will start 2020-09-01. |
Info |
---|
| SWAMID R&E is used in pair with one of the entity categories SWAMID |
|
---|
SWAMID EU-Adequate-Protection, SWAMID |
|
or | Only for users with SWAMID AL2 | |
Warning |
---|
title | Deprecated and will be removed from 2021-03-31 |
---|
| No new EntityID will be permitted to use this category from SWAMID 2020-09-01.
This entity category is deprecated and will be removed from all entities 2021-03-31. The process of removal will start 2020-09-01. |
Note |
---|
| Attributes released only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or an organisational student interim identity number (sv. interimspersonnummer) |
|
eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
| o | x3 |
|
|
---|
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | | o |
---|
transientId | x | x | x | x | x | x |
---|
eduPersonTargetedID | x | x | x | x | x | x |
---|
eduPersonPrincipalName | | x | eduPersonUniqueID4 | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | |
---|
x | x | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | |
x | urn:oid:1.3.6.1.4.1.2428.90.1.5 | |
| personalIdentityNumber | personalIdentityNumber | urn:oid:1.2.752.29.4.13 | | o2 |
| | |
---|
| | x | mail | | x | schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 |
| o |
|
|
|
---|
mail | urn:oid:0.9.2342.19200300.100.1.3 | | o | x | x | |
---|
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | |
---|
xx | cn (commonName) | urn:oid:2.5.4.3 | |
---|
x | givenName | urn:oid:2.5.4.42 | |
---|
xx | sn (surname) | urn:oid:2.5.4.4 | |
---|
xx | eduPersonAssurance | eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | | o | x |
---|
| | eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | |
---|
x | eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | |
---|
x | o (organizationName) | urn:oid:2.5.4.10 | |
---|
x | norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | |
---|
x | c (countryName) | urn:oid:2.5.4.6 | |
---|
x | co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | |
---|
x | schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | |
---|
x | schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 | |
---|
x |
- The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle it uses attribute request in metadata for specific required attributes.
- norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered within SWAMID (registrationAuthority="http://www.swamid.se/").
- personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
- norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
- eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
- eduPersonUniqueID must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
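
The two rules above that apply to GÉANT Code of Conduct services (release only what the metadata marks as required, and release norEduPersonNIN and personalIdentityNumber only to SWAMID-registered entities) can be checked against SP metadata as in the following added example, which is not SWAMID's own code. The function names, the sample metadata and the non-SWAMID registration authority are constructed; the CoCo category URI, the `http://macedir.org/entity-category` attribute name and the norEduPersonNIN OID are assumed from the published specifications rather than taken from this page.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"  # assumed URI
SWAMID_RA = "http://www.swamid.se/"
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"
DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"
PIN = "urn:oid:1.2.752.29.4.13"  # personalIdentityNumber
SWAMID_ONLY = {PIN, "urn:oid:1.3.6.1.4.1.2428.90.1.5"}  # second: norEduPersonNIN

def sample_sp(registration_authority):
    """Constructed SP metadata: CoCo category and three requested attributes."""
    return f"""<md:EntityDescriptor entityID="https://sp.example.org/shibboleth"
  xmlns:md="{NS['md']}" xmlns:mdattr="{NS['mdattr']}"
  xmlns:mdrpi="{NS['mdrpi']}" xmlns:saml="{NS['saml']}">
 <md:Extensions>
  <mdrpi:RegistrationInfo registrationAuthority="{registration_authority}"/>
  <mdattr:EntityAttributes><saml:Attribute Name="http://macedir.org/entity-category">
   <saml:AttributeValue>{COCO}</saml:AttributeValue>
  </saml:Attribute></mdattr:EntityAttributes>
 </md:Extensions>
 <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:AttributeConsumingService index="0">
   <md:RequestedAttribute Name="{MAIL}" isRequired="true"/>
   <md:RequestedAttribute Name="{DISPLAY_NAME}" isRequired="false"/>
   <md:RequestedAttribute Name="{PIN}" isRequired="true"/>
  </md:AttributeConsumingService>
 </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def release_to_coco_sp(metadata_xml, user_attrs):
    """Apply the "o" rule: required in metadata and available at the IdP."""
    root = ET.fromstring(metadata_xml)
    cats = {v.text.strip() for v in root.iterfind(
        ".//mdattr:EntityAttributes/saml:Attribute"
        "[@Name='http://macedir.org/entity-category']/saml:AttributeValue", NS) if v.text}
    if COCO not in cats:
        return {}  # other entity categories are outside this example
    reg = root.find(".//mdrpi:RegistrationInfo", NS)
    in_swamid = reg is not None and reg.get("registrationAuthority") == SWAMID_RA
    out = {}
    for ra in root.iterfind(".//md:RequestedAttribute", NS):
        name, required = ra.get("Name"), ra.get("isRequired", "false") in ("true", "1")
        if required and name in user_attrs and (name not in SWAMID_ONLY or in_swamid):
            out[name] = user_attrs[name]
    return out
```
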
URI for all entity categories used within SWAMID
Is deprecated and will be completely removed 2021-03-31 |
URI for all assurance profiles used within SWAMID
...