| Warning |
|---|
| title | Page is under update |
|---|
|
This page is under update and the expected result will be changed due to GDPR! |
Entity categories is used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.
...
If an owner of a Service and the Identity Provider Home Organisation has a bilateral agreement the attribute release can be extended with additional attributes based on the agreement.
Best Practice attribute release based on entity categories
x - Users are expected to have a value and that should be released, if no value is present do not release an empty valueAttribute is released if it's available in the Home Organisation Identity Provider.
o - Release Attribute is released only if the user has a value on the attributerequested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.
| Attribut | SAML2 Attribute Identifier | Without enitity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | |
|---|
|
|
| |
|---|
Release only required attributes | Release attribute "only if requested and required" in metadata1. Note that norEduPersonNIN and personalIdentityNumber has additional restrictions2. |
|
| |
Will be deprecated | This entity category is under process to be deprecated and will in the future be replaced with REFEDS R&S or GÉANT CoCo. |
| Deprecated and will be removed from 2021-03-31 |
| No new EntityID will be permitted to use this category from SWAMID 2020-09-01.
This entity category is deprecated and will be removed from all entities 2021-03-31. The process of removal will start 2020-09-01. |
|
| Warning |
|---|
|
This entity category is under process to be deprecated and will in the future be replaced with GÉANT CoCo. |
Beroenden | | | | SWAMID R&E is used in pair with one of the entity categories SWAMID EU-Adequate-Protection, SWAMID NREN-Service and SWAMID HEI-Service |
|
Release only for only for |
| Warning |
|---|
| title | Deprecated and will be removed from 2021-03-31 |
|---|
| No new EntityID will be permitted to use this category from SWAMID 2020-09-01.
This entity category is deprecated and will be removed from all entities 2021-03-31. The process of removal will start 2020-09-01. |
| Note |
|---|
| Attributes released only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or a organisational student interim identity number (sv. interimspersonnummer) |
|
| transientId | x | x | x | x | x |
|---|
|
| eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 |
| o | x3 |
|
|
|---|
| eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | | o |
|---|
eduPersonTargetedID | x | x2 | eduPersonPrincipalName | | x | x | x | |
| eduPersonUniqueID4 | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | |
|---|
x| o | x | x | |
| eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | | o | |
| |
|---|
| norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | | o |
|---|
4o| x |
| personalIdentityNumber | urn:oid:1.2.752.29.4.13 | | o |
|---|
4| 2 |
| | |
| schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 |
| o |
|
|
|
|---|
| mail | urn:oid:0.9.2342.19200300.100.1.3 | |
|---|
x| o | x | x | |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | |
|---|
x| o | x | x | |
| cn (commonName) | urn:oid:2.5.4.3 | |
|---|
x| o | | x | |
| givenName | urn:oid:2.5.4.42 | |
|---|
x| o | x | x | |
| sn (surname) | urn:oid:2.5.4.4 | |
|---|
x| o | x | x | |
| eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | | o | x |
|---|
| | x | x |
| eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | | o | x |
|---|
| x | |
| eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | |
|---|
x| o | | | |
| o (organizationName) | urn:oid:2.5.4.10 | |
|---|
x| o | | x | |
| norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | |
|---|
x| o | | x | |
| c (countryName) | urn:oid:2.5.4.6 | |
|---|
x| o | | x | |
| co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | |
|---|
x| o | | x | |
| schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | |
|---|
x| o | | x | |
| schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 | |
|---|
x...
- The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle it uses attribute request in metadata for specific required attributes.
2 eduPersonTargetedID should only be released in with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
3 eduPersonUniqueID must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
...
- norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered with in SWAMID (registrationAuthority="http://www.swamid.se/").
...
- personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
- norEduPersonNIN can besides Swedish Personal Numbers
...
- and Swedish Co-ordination Numbers also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
- eduPersonTargetedID should only be released in with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
- eduPersonUniqueID must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
URI for all entity categories used within SWAMID
...
| Is deprecated and will be completely removed 2021-03-31 |
URI for all assurance profiles used within SWAMID
...