You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 72 Next »

This is a set of entity-categories (http://macedir.org) in use by SWAMID.

For a suggestion on how to consume and process this information in an Identity Provider look at the page Attributfilter för entity-category i Shibboleth IdP.

All entity categories (as well as other information) on services in SWAMID can be found at https://portal.nordu.net/display/SWAMID/Service+Providers

GÉANT Dataprotection Code of Conduct

Definition

The GÉANT Data protection Code of Conduct (CoC) defines an approach on European level to meet the requirements of the EU data protection directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct..

SWAMID Service Provider Attribute Release Entity Categories

These categories defines release of mostly harmless personal attributes to a Service Provider (SP) from a Identity Provider (IdP). It's used together with SWAMID Data Protection Entity Categories above.

Entity categories is additive, this means that one Service Provider can have both research-and-education and sfs-1993-1153.

name below means givenName, surname, initials, displayName.

Category

Description

Expected IdP Behavior

research-and-education

SP is an application that directly or indirectly supports HEI institutions.

Release eptid, eppn, email, name and scoped affilation plus static organisational information only if the SP is any of the above defined SWAMID Data Protection Entity Categories.

sfs-1993-1153

SP is an application that fulfills SFS 1993:1153

Release eduPersonNIN.

Research & Education

entity-category URI

http://www.swamid.se/category/research-and-education

Definition

The Research & Education category applies to low-risk services that support research and education as an essential component.

For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommons Research & Scolarship Category. The recommended IdP behavior is to release name, eppn, eptid, mail and eduPersonScopedAffiliation which also aligns with the InCommon recommendation only if the services is also in at least one of the safe data processing categories. It is also a recommendation that static organisational information is released.

Process for applying for tagging a service with entity category Research & Education

The service operator sends an e-mail to operations@swamid.se with a formal request.

The request must contain the following information:

  • Purpose and scope of the service.
  • Valid SWAMID Data Protection Entity Category, ie. what type of organisation is legally responsible for the Service. The options are defined below (HEI Service, NREN Service or EU Adequate Protection).

Upon receiving a request SWAMID operations will add the requested entity category to the service metadata within a fortnight.

SFS 1993:1153

entity-category URI

http://www.swamid.se/category/sfs-1993-1153

Definition

The SFS 1993:1153 category applies to services that fulfill SFS 1993:1153.

SFS 1993:1153 limits membership in this category to services provided by Swedish HEI-institutions, VHS.se or SCB.se. Example services include common government operated student- and admissions administration services such as LADOK and NyA as well as enrollment and course registration services. Inclusion in this category is strictly reserved for applications that are governed by SFS 1993:1153 which implies that the application may make use of norEduPersonNIN. The recommended IdP behavior is to release norEduPersonNIN.

Examples of services that are viable for this entity category is a self service student account creation portal and a shared student portal with students from multiple universities.

Process for applying for tagging a service with entity category SFS 1993:1153

The service operator sends an e-mail to operations@swamid.se with a formal request.

The request must contain the following information:

  • Purpose and scope of the service.
  • Full description of why norEduPersonNIN is needed in the service.

Upon receiving a request SWAMID operations will evaluate against the Swedish legislation SFS 1993:1153. SWAMID operations will normally respond within a fortnight. If the evaluation is positive SWAMID operations will add the requested entity category to the service metadata.

SWAMID Data Protection Entity Categories

These categories indicate category classifaction of Identity Providers (IdP) that can release mostly harmless personal attributes to a Service Provider (SP). It's used together with SWAMID Service Provider Attribute Release Entity Categories below.

EU Adequate Protection

entity-category URI

http://www.swamid.se/category/eu-adequate-protection

Definition

The application is compliant with any of the EU adequate protection for 3rd countries according to EU Commission decisions on the adequacy of the protection of personal data in third countries.

This category includes for instance applications that declares compliance with US safe-harbor.

NREN Service

entity-category URI

http://www.swamid.se/category/nren-service

Definition

The application is provided by the Swedish NREN (SUNET) which is ultimately responsible for its operation.

This category is only relevant for attribute-release between SWAMID registered IdPs and SUNET services.

HEI Service

entity-category URI

http://www.swamid.se/category/hei-service

Definition

The application is provided by a Swedish HEI which is ultimately responsible for its operation.

  • No labels