This is a set of entity-categories (http://macedir.org) in use by SWAMID.
For a suggestion on how to consume and process this information in an Identity Provider look at the page Attributfilter för entity-category i Shibboleth IdP.
GÉANT Dataprotection Code of Conduct
Definition
The GÉANT Data protection Code of Conduct (CoC) defines an approach on European level to meet the requirements of the EU data protection directive for releasing mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). For more information please see GEANT Data Protection Code of Conduct..
SWAMID Data Protection Entity Categories
These categories indicate category classifaction of Identity Providers (IdP) that can release mostly harmless personal attributes to a Service Provider (SP). It's used together with SWAMID Service Provider Attribute Release Entity Categories below.
EU Adequate Protection
entity-category URI |
|---|
Definition
The application is compliant with any of the EU adequate protection for 3rd countries according to EU Commission decisions on the adequacy of the protection of personal data in third countries.
This category includes for instance applications that declares compliance with US safe-harbor.
NREN Service
entity-category URI |
|---|
Definition
The application is provided by the Swedish NREN (SUNET) which is ultimately responsible for its operation.
This category is only relevant for attribute-release between SWAMID registered IdPs and SUNET services.
HEI Service
entity-category URI |
|---|
Definition
The application is provided by a Swedish HEI which is ultimately responsible for its operation.
SWAMID Service Provider Attribute Release Entity Categories
These categories defines release of mostly harmless personal attributes to a Service Provider (SP) from a Identity Provider (IdP). It's used together with SWAMID Data Protection Entity Categories above.
Entity categories is additive, this means that en Service Provider can have both research-and-education and sfs-1993-1153.
name below means givenName, surname, initials, displayName.
Category |
Description |
Expected IdP Behavior |
|---|---|---|
research-and-education |
SP is an application that directly or indirectly supports HEI institutions. |
Release eptid, eppn, email, name and scoped affilation plus static organisational information only if the SP is any of the above defined SWAMID Data Protection Entity Categories. |
sfs-1993-1153 |
SP is an application that fulfills SFS 1993:1153 |
Release eduPersonNIN. |
Research & Education
entity-category URI |
|---|
Definition
The Research & Education category applies to low-risk services that support research and education as an essential component.
For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommons Research & Scolarship Category. The recommended IdP behavior is to release name, eppn, eptid, mail and eduPersonScopedAffiliation which also aligns with the InCommon recommendation only if the services is also in at least one of the safe data processing categories. It is also a recommendation that static organisational information is released.
SFS 1993:1153
entity-category URI |
|---|
Definition
The SFS 1993:1153 category applies to services that fulfill SFS 1993:1153.
SFS 1993:1153 limits membership in this category to services provided by Swedish HEI-institutions, VHS.se or SCB.se. Example services include common government-operated student- and admissions administration services such as LADOK and NyA aswell as enrollment and course registration services. Inclusion in this category is strictly reserved for applications that are governed by SFS 1993:1153 which implies that the application may make use of norEduPersonNIN. The recommended IdP behavior is to release norEduPersonNIN.