
Entity categories are used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.

If the owner of a Service and the Identity Provider Home Organisation have a bilateral agreement, the attribute release can be extended with additional attributes based on the agreement.

Best Practice attribute release based on entity categories

x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.

The table below defines which attributes are expected to be sent from an IdP within SWAMID to an SP within SWAMID or eduGAIN.

Attribute | SAML2 Attribute Identifier | Without entity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | SWAMID SFS-1993-1153 | Eleg loa2-pnr | Dependencies

Only if required

Only together with one of the entity categories





Note: Restriction

Attributes are released "only if requested and required" in metadata (footnote 1).

Note that norEduPersonNIN and personalIdentityNumber have additional restrictions (footnote 2).




Warning: Deprecated and will be removed from 2021-03-31

No new EntityID will be permitted to use this category from SWAMID 2020-09-01.

This entity category is deprecated and will be removed from all entities 2021-03-31. The process of removal will start 2020-09-01.


Info: Dependency

SWAMID R&E is used in pair with one of the entity categories SWAMID EU-Adequate-Protection, SWAMID NREN-Service and SWAMID HEI-Service.

Only for users with SWAMID AL2



Warning: Deprecated and will be removed from 2021-03-31

No new EntityID will be permitted to use this category from SWAMID 2020-09-01.

This entity category is deprecated and will be removed from all entities 2021-03-31. The process of removal will start 2020-09-01.


Note: Restriction

Attributes are released only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or an organisational student interim identity number (sv. interimspersonnummer).


eduPersonTargetedIDurn:oid:1.3.6.1.4.1.5923.1.1.1.10
ox3

eduPersonPrincipalNameurn:oid:1.3.6.1.4.1.5923.1.1.1.6 o
transientIdxxxxxxeduPersonTargetedIDxxxxxxeduPersonPrincipalName x
xx 
 eduPersonUniqueID
eduPersonUniqueID4urn:oid:1.3.6.1.4.1.5923.1.1.1.13 
x
oxx
 
 
eduPersonOrcid
 x
urn:oid:1.3.6.1.4.1.5923.1.1.1.16 
 
o 
 
norEduPersonNIN
 
urn:oid:1.3.6.1.4.1.2428.90.1.5 
 
o2
 x
xpersonalIdentityNumber 
personalIdentityNumberurn:oid:1.2.752.29.4.13 o2
  
  xmail x
schacDateOfBirthurn:oid:1.3.6.1.4.1.25178.1.2.3 
o


mailurn:oid:0.9.2342.19200300.100.1.3 oxx 
 displayName
displayNameurn:oid:2.16.840.1.113730.3.1.241 
x
oxx 
xcommonName
cn (commonName)urn:oid:2.5.4.3 
x
o x 
 givenName
givenNameurn:oid:2.5.4.42 
x
oxx 
xsurname
sn (surname)urn:oid:2.5.4.4 
x
oxx 
xeduPersonAssurance 
eduPersonAssuranceurn:oid:1.3.6.1.4.1.5923.1.1.1.11 ox
 
xx
 eduPersonScopedAffiliation
eduPersonScopedAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.9 
x
oxx 
 eduPersonAffiliation
eduPersonAffiliationurn:oid:1.3.6.1.4.1.5923.1.1.1.1 
x
o   
 organizationName
o (organizationName)urn:oid:2.5.4.10 
x
o x 
 norEduOrgAcronym
norEduOrgAcronymurn:oid:1.3.6.1.4.1.2428.90.1.6 
x
o x 
 countryName
c (countryName)urn:oid:2.5.4.6 
x
o x 
 friendlyCountryName
co (friendlyCountryName)urn:oid:0.9.2342.19200300.100.1.43 
x
o x 
 schacHomeOrganization
schacHomeOrganizationurn:oid:1.3.6.1.4.1.25178.1.2.9 
x
o x 
 schacHomeOrganizationType
schacHomeOrganizationTypeurn:oid:1.3.6.1.4.1.25178.1.2.10 
x
o   
 

 

URI for all entity categories used in SWAMID


  1. The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle, it uses attribute requests in metadata for specific required attributes.
  2. norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered within SWAMID (registrationAuthority="http://www.swamid.se/").
    • personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
    • norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
  3. eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
  4. eduPersonUniqueID must be a long-term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable, then eduPersonUniqueID can have the same value as eduPersonPrincipalName.

URI for all entity categories used within SWAMID

Entity category | Unique identifier
GÉANT CoCo | http://www.geant.net/uri/dataprotection-code-of-conduct/v1
REFEDS R&S | http://refeds.org/category/research-and-scholarship
SWAMID R&E | http://www.swamid.se/category/research-and-education | Is deprecated and will be completely removed 2021-03-31
SWAMID SFS-1993-1153 | http://www.swamid.se/category/sfs-1993-1153 | E-leg loa2-pnr | http://id.elegnamnden.se/loa/1.0/loa2 | Is deprecated and will be completely removed 2021-03-31
SWAMID EU-Adequate-Protection | http://www.swamid.se/category/eu-adequate-protection | Is deprecated and will be completely removed 2021-03-31
SWAMID NREN-Service | http://www.swamid.se/category/nren-service | Is deprecated and will be completely removed 2021-03-31
SWAMID HEI-Service | http://www.swamid.se/category/hei-service

 

Is deprecated and will be completely removed 2021-03-31


URI for all assurance profiles used within

...

SWAMID

...