...
If the owner of a Service and the Identity Provider's Home Organisation have a bilateral agreement, the attribute release can be extended with additional attributes according to that agreement.
...
Best Practice attribute release based on entity categories
x - Release this attribute if it is available in the Home Organisation's Identity Provider. If no value is present, do not release an empty value.
o - Release this attribute only if it is requested and marked as required in the metadata for the Service, and it is available in the Home Organisation's Identity Provider. If no value is present, do not release an empty value.
Attribute | SAML2 Attribute Identifier | Without entity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | SWAMID SFS-1993-1153
---|---|---|---|---|---|---
transientId | SAML2 NameID | x | x | x | x | x
eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | o | o | x | x | x
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | | o | x | x |
eduPersonUniqueID | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | | o | | x | x
eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | | o | | |
norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | | o | | | x
personalIdentityNumber | urn:oid:1.2.752.29.4.13 | | o | | |
schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 | | o | | |
mail | urn:oid:0.9.2342.19200300.100.1.3 | | o | x | x |
displayName | urn:oid:2.16.840.1.113730.3.1.241 | | o | x | x |
cn (commonName) | urn:oid:2.5.4.3 | | o | | x |
givenName | urn:oid:2.5.4.42 | | o | x | x |
sn (surname) | urn:oid:2.5.4.4 | | o | x | x |
eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | | o | x | x | x
eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | | o | x | x |
eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | | o | | |
o (organizationName) | urn:oid:2.5.4.10 | | o | | x |
norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | | o | | x |
c (countryName) | urn:oid:2.5.4.6 | | o | | x |
co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | | o | | x |
schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | | o | | x |
schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 | | o | | |
...
- The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle, it relies on the attribute requests in the Service's metadata: only attributes that are requested there and marked as required are released.
...
- eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
...
...
- norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered within SWAMID (registrationAuthority="http://www.swamid.se/").
...
- personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
- norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
- eduPersonUniqueID must be a long-term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable, then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
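The release rules above, expressed as a Shibboleth IdP attribute-filter.xml fragment. This is an added illustration, not SWAMID's or Shibboleth's own configuration: the policy ids are invented, only a subset of the attributes in each column is listed, and the example assumes that this IdP reassigns eduPersonPrincipalName (so eduPersonTargetedID is included in the R&S policy). The category URIs are the ones listed under "URI for all entity categories used within SWAMID" below.

```xml
<!-- Added example (not SWAMID's or Shibboleth's own configuration). Policy ids and the
     attribute subsets are illustrative; the "ePPN is reassignable" choice is assumed. -->
<AttributeFilterPolicyGroup id="SWAMIDEntityCategoryExample"
    xmlns="urn:mace:shibboleth:2.0:afp"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">

  <!-- Without entity category only transientId (the transient SAML2 NameID) is released.
       The NameID comes from the IdP's NameID generation configuration, so no AttributeRule
       is needed for it; Shibboleth never emits an attribute that has no values. -->

  <!-- REFEDS R&S: "x" cells, released to every SP that carries the category. -->
  <AttributeFilterPolicy id="releaseToREFEDSRandS">
    <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://refeds.org/category/research-and-scholarship"/>
    <AttributeRule attributeID="eduPersonPrincipalName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="mail"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="displayName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="givenName"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="sn"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="eduPersonScopedAffiliation"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="eduPersonAssurance"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <!-- Only because this IdP is assumed to reassign eduPersonPrincipalName; an IdP with
         non-reassignable ePPN removes the next rule. -->
    <AttributeRule attributeID="eduPersonTargetedID"><PermitValueRule xsi:type="ANY"/></AttributeRule>
  </AttributeFilterPolicy>

  <!-- GÉANT CoCo: "o" cells. No bundle; an attribute is released only when the SP's
       metadata carries a RequestedAttribute for it with isRequired="true". -->
  <AttributeFilterPolicy id="releaseToGEANTCoCo">
    <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
        attributeName="http://macedir.org/entity-category"
        attributeValue="http://www.geant.net/uri/dataprotection-code-of-conduct/v1"/>
    <AttributeRule attributeID="eduPersonPrincipalName">
      <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
    </AttributeRule>
    <AttributeRule attributeID="mail">
      <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
    </AttributeRule>
    <AttributeRule attributeID="displayName">
      <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
    </AttributeRule>
    <AttributeRule attributeID="schacHomeOrganization">
      <PermitValueRule xsi:type="AttributeInMetadata" onlyIfRequired="true"/>
    </AttributeRule>
  </AttributeFilterPolicy>

  <!-- SWAMID SFS-1993-1153: norEduPersonNIN goes only to SPs that carry the category
       AND are registered in SWAMID (registrationAuthority="http://www.swamid.se/"). -->
  <AttributeFilterPolicy id="releaseToSWAMIDSFS19931153">
    <PolicyRequirementRule xsi:type="AND">
      <Rule xsi:type="EntityAttributeExactMatch"
          attributeName="http://macedir.org/entity-category"
          attributeValue="http://www.swamid.se/category/sfs-1993-1153"/>
      <Rule xsi:type="RegistrationAuthority" registrars="http://www.swamid.se/"/>
    </PolicyRequirementRule>
    <AttributeRule attributeID="norEduPersonNIN"><PermitValueRule xsi:type="ANY"/></AttributeRule>
    <AttributeRule attributeID="eduPersonAssurance"><PermitValueRule xsi:type="ANY"/></AttributeRule>
  </AttributeFilterPolicy>

</AttributeFilterPolicyGroup>
```

The x/o distinction maps onto `PermitValueRule xsi:type="ANY"` versus `AttributeInMetadata`. With `onlyIfRequired="true"` a RequestedAttribute that is not marked `isRequired="true"` does not match, and with the default `matchIfMetadataSilent="false"` an SP whose metadata requests nothing receives nothing, which is the "o" semantics of the legend. The "do not release an empty value" rule needs no configuration, since Shibboleth drops attributes without values before encoding. Note that the SWAMID-only restriction on norEduPersonNIN and personalIdentityNumber applies regardless of category, so a CoCo rule for either of those two attributes needs the same `AND` with `RegistrationAuthority`, not a plain `EntityAttributeExactMatch`.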
URI for all entity categories used within SWAMID
Entity category | Unique identifier | Status
---|---|---
GÉANT CoCo | http://www.geant.net/uri/dataprotection-code-of-conduct/v1 |
REFEDS R&S | http://refeds.org/category/research-and-scholarship |
SWAMID R&E | http://www.swamid.se/category/research-and-education | Deprecated, will be completely removed 2021-03-31
SWAMID SFS-1993-1153 | http://www.swamid.se/category/sfs-1993-1153 | Deprecated, will be completely removed 2021-03-31
SWAMID EU-Adequate-Protection | http://www.swamid.se/category/eu-adequate-protection | Deprecated, will be completely removed 2021-03-31
SWAMID NREN-Service | http://www.swamid.se/category/nren-service | Deprecated, will be completely removed 2021-03-31
SWAMID HEI-Service | http://www.swamid.se/category/hei-service | Deprecated, will be completely removed 2021-03-31
URI for all assurance profiles used within SWAMID
Assurance profile | Unique identifier
---|---
SWAMID AL1 | http://www.swamid.se/policy/assurance/al1 |
SWAMID AL2 | http://www.swamid.se/policy/assurance/al2 |
SWAMID AL2-MFA-HI | https://www.swamid.se/policy/authentication/swamid-al2-mfa-hi |
REFEDS Assurance Framework | https://refeds.org/assurance/* |
REFEDS SIRTFI | https://refeds.org/sirtfi |
...