...
If the owner of a Service and the Identity Provider Home Organisation have a bilateral agreement, the attribute release can be extended with additional attributes based on that agreement.
...
Best Practice attribute release based on entity categories
x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.
Notes on the entity category columns:

- GÉANT CoCo (Note): Attribute released "only if requested and required" in metadata [1]. Note that norEduPersonNIN and personalIdentityNumber have additional restrictions [2].
- SWAMID R&E (Warning, title: Will be deprecated 2020-05-01. Deprecated and will be removed from 2021-03-31): No new EntityID will be permitted to use this category from SWAMID 2020-09-01. This entity category is under process to be deprecated and will in the future be replaced with REFEDS R&S or GÉANT CoCo depending on service. Last use of this entity category is 2020-10-31, to be removed from all entities 2021-03-31. The process of removal will start 2020-09-01.
- SWAMID R&E (Info): SWAMID R&E is used in pair with one of the entity categories SWAMID EU-Adequate-Protection, SWAMID NREN-Service and SWAMID HEI-Service.
- Last column (Warning, title: Will be deprecated 2020-05-01. Deprecated and will be removed from 2021-03-31): No new EntityID will be permitted to use this category from SWAMID 2020-09-01. This entity category is under process to be deprecated and will in the future be replaced with GÉANT CoCo with entity registrar requirements. Last use of this entity category is 2020-10-31, to be removed from all entities 2021-03-31. The process of removal will start 2020-09-01.
- Last column (Note): Attributes released only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or an organisational student interim identity number (sv. interimspersonnummer).

| Attribute | SAML2 Attribute Identifier | Without entity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | |
|---|---|---|---|---|---|---|
| eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | | o | x [3] | | |
| eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | | o | x | x | |
| eduPersonUniqueID [4] | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | | o | x | x | |
| eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | | o | | | |
| norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | | o [2] | | | x |
| personalIdentityNumber | urn:oid:1.2.752.29.4.13 | | o [2] | | | |
| schacDateOfBirth | urn:oid:1.3.6.1.4.1.25178.1.2.3 | | o | | | |
| mail | urn:oid:0.9.2342.19200300.100.1.3 | | o | x | x | |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | | o | x | x | |
| cn (commonName) | urn:oid:2.5.4.3 | | o | | x | |
| givenName | urn:oid:2.5.4.42 | | o | x | x | |
| sn (surname) | urn:oid:2.5.4.4 | | o | x | x | |
| eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | | o | x | x | x |
| eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | | o | x | x | |
| eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | | o | | | |
| o (organizationName) | urn:oid:2.5.4.10 | | o | | x | |
| norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | | o | | x | |
| c (countryName) | urn:oid:2.5.4.6 | | o | | x | |
| co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | | o | | x | |
| schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | | o | | x | |
| schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 | | o | | | |

...
1. The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle, it uses attribute requests in metadata for the specific required attributes.
2. norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered in SWAMID (registrationAuthority="http://www.swamid.se/").
   - personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
   - norEduPersonNIN can, besides Swedish Personal Numbers and Swedish Co-ordination Numbers, also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
3. eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
4. eduPersonUniqueID must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
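
The release rules above can be checked mechanically. The following Python sketch is an added example, not SWAMID's own code or configuration: it applies the GÉANT CoCo and REFEDS R&S columns, the registrar restriction on norEduPersonNIN and personalIdentityNumber, and the eduPersonTargetedID condition to one service. The function name, its parameters, the category labels used as keys and the sample user values are assumptions made for the example.

```python
# Added example: release decision for one service, per the table and notes above.
SWAMID_REGISTRAR = "http://www.swamid.se/"  # registrationAuthority named on the page
COCO, RS = "GÉANT CoCo", "REFEDS R&S"       # column labels used as category keys

# REFEDS R&S column: attributes marked "x" (released whenever available).
RS_BUNDLE = {
    "eduPersonPrincipalName", "eduPersonUniqueID", "mail", "displayName",
    "givenName", "sn", "eduPersonAssurance", "eduPersonScopedAffiliation",
}
# GÉANT CoCo column: every attribute in the table is "o" (no bundle of its own).
COCO_RELEASABLE = RS_BUNDLE | {
    "eduPersonTargetedID", "eduPersonOrcid", "norEduPersonNIN",
    "personalIdentityNumber", "schacDateOfBirth", "cn", "eduPersonAffiliation",
    "o", "norEduOrgAcronym", "c", "co", "schacHomeOrganization",
    "schacHomeOrganizationType",
}
# Marked "o2": additionally limited to entities registered in SWAMID.
REGISTRAR_RESTRICTED = {"norEduPersonNIN", "personalIdentityNumber"}


def attributes_to_release(categories, required, registrar, user_attrs,
                          eppn_reassignable=False):
    """Filter user_attrs to what the table allows; `required` holds the
    attribute names marked requested and required in the service metadata."""
    allowed = set()
    if RS in categories:
        allowed |= RS_BUNDLE
        if eppn_reassignable:  # "x3": only when ePPN can be reassigned
            allowed.add("eduPersonTargetedID")
    if COCO in categories:
        for name in set(required) & COCO_RELEASABLE:
            if name in REGISTRAR_RESTRICTED and registrar != SWAMID_REGISTRAR:
                continue  # "o2": not released to entities registered elsewhere
            allowed.add(name)
    # No matching category leaves `allowed` empty: the table releases nothing.
    return {k: v for k, v in user_attrs.items() if k in allowed}


# Constructed sample user; all values are placeholders.
USER = {"eduPersonPrincipalName": "alice@idp.example.org", "mail": "alice@example.org",
        "eduPersonTargetedID": "opaque-id-placeholder",
        "norEduPersonNIN": "NIN-PLACEHOLDER", "schacDateOfBirth": "19700101"}

if __name__ == "__main__":
    other = "https://registrar.example.org/"  # constructed non-SWAMID registrar
    print(attributes_to_release({RS}, set(), other, USER))
    print(attributes_to_release({COCO}, {"mail", "norEduPersonNIN"}, other, USER))
```

Running the CoCo case with a non-SWAMID registrar shows norEduPersonNIN being withheld even though the service marks it as required.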
URI for all entity categories used within SWAMID
URI for all assurance profiles used within SWAMID
...