This is a set of entity-categories (http://macedir.org) in use by SWAMID.
For a suggestion on how to consume and process this information in an Identity Provider look at the page Example of a standard attribute filter for Shibboleth IdP.
All entity categories (as well as other information) on services in SWAMID can be found at https://portal.nordu.net/display/SWAMID/Service+Providers
GÉANT Dataprotection Code of Conduct
Definition
The GÉANT Data protection Code of Conduct (CoC) defines an approach on European level to meet the requirements of the EU data protection directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct..
SWAMID Service Provider Attribute Release Entity Categories
These categories defines release of mostly harmless personal attributes to a Service Provider (SP) from a Identity Provider (IdP). It's used together with SWAMID Data Protection Entity Categories above.
Entity categories is additive, this means that one Service Provider can have both research-and-education and sfs-1993-1153.
name below means givenName, surname, initials, displayName.
Category |
Description |
Expected IdP Behavior |
|---|---|---|
research-and-education |
SP is an application that directly or indirectly supports HEI institutions. |
Release eptid, eppn, email, name and scoped affilation plus static organisational information only if the SP is any of the above defined SWAMID Data Protection Entity Categories. |
sfs-1993-1153 |
SP is an application that fulfills SFS 1993:1153 |
Release eduPersonNIN. |
Research & Education
entity-category URI |
|---|
Definition
The Research & Education category applies to low-risk services that support research and education as an essential component.
For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommons Research & Scolarship Category. The recommended IdP behavior is to release name, eppn, eptid, mail and eduPersonScopedAffiliation which also aligns with the InCommon recommendation only if the services is also in at least one of the safe data processing categories. It is also a recommendation that static organisational information is released.
Process for applying for tagging a service with entity category Research & Education
The service operator sends an e-mail to operations@swamid.se with a formal request.
The request must contain the following information:
- Purpose and scope of the service.
- Valid SWAMID Data Protection Entity Category, ie. what type of organisation is legally responsible for the Service. The options are defined below (HEI Service, NREN Service or EU Adequate Protection).
Upon receiving a request SWAMID operations will *respond *within a fortnight.
SFS 1993:1153
entity-category URI |
|---|
Definition
The SFS 1993:1153 category applies to services that fulfill SFS 1993:1153.
SFS 1993:1153 limits membership in this category to services provided by Swedish HEI-institutions, UHR.se or SCB.se. Example services include common government operated student- and admissions administration services such as LADOK and NyA as well as enrollment and course registration services. Inclusion in this category is strictly reserved for applications that are governed by SFS 1993:1153 which implies that the application may make use of norEduPersonNIN. The recommended IdP behavior is to release norEduPersonNIN.
Examples of services that are viable for this entity category is a self service student account creation portal and a shared student portal with students from multiple universities.
Process for applying for tagging a service with entity category SFS 1993:1153
The service operator sends an e-mail to operations@swamid.se with a formal request.
The request must contain the following information:
- Purpose and scope of the service.
- Full description of why norEduPersonNIN is needed in the service.
Upon receiving a request SWAMID operations will evaluate against the Swedish legislation SFS 1993:1153 (2 kap. 6 § and 4 kap. 4 §). SWAMID operations will normally respond within a fortnight. If the evaluation is positive SWAMID operations will add the requested entity category to the service metadata.
SWAMID Data Protection Entity Categories
These categories indicate category classifaction of Identity Providers (IdP) that can release mostly harmless personal attributes to a Service Provider (SP). It's used together with SWAMID Service Provider Attribute Release Entity Categories below.
HEI Service
entity-category URI |
|---|
Definition
The application is provided by a Swedish Higher Education Institution (HEI) which is ultimately responsible for its operation.
This category is only relevant for attribute release from SWAMID registered IdPs to services at Swedish universities, Swedish university colleges and the Swedish Council for Higher Education.
NREN Service
entity-category URI |
|---|
Definition
The application is provided by SUNET (the Swedish National Research and Education Network, NREN) which is ultimately responsible for its operation.
This category is only relevant for attribute release from SWAMID registered IdPs to SUNET services.
EU Adequate Protection
entity-category URI |
|---|
Definition
The application is compliant with either
- EU data protection directive as implemented in the national legislation (the service is located in a EU or EES country) or
- EU adequate protection for 3rd countries according to EU Commission decisions on the adequacy of the protection of personal data in third countries (the service is located outside EU and EES).
This category includes for instance applications that is operated within Sweden or declares compliance with US safe-harbor and is operated in the US.