Entity categories are used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.
Attribute release based on entity categories
x - Users are expected to have a value, and it should be released; if no value is present, do not release an empty value.
o - Release only if the user has a value on the attribute.
Attribute | SAML2 Attribute Identifier | Without entity category | GÉANT CoCo | REFEDS R&S | SWAMID R&E | SWAMID SFS-1993-1153 |
---|---|---|---|---|---|---|
Release only if required attributes: release an attribute "only if requested and required" in metadata [1] | Will be deprecated: this entity category is in the process of being deprecated and will in the future be replaced with REFEDS R&S or GÉANT CoCo depending on service. Dependency: SWAMID R&E is used in pair with one of the entity categories SWAMID EU-Adequate-Protection, SWAMID NREN-Service and SWAMID HEI-Service | Will be deprecated: this entity category is in the process of being deprecated and will in the future be replaced with GÉANT CoCo. Dependency: release only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or an organisational student interim identity number (sv. interimspersonnummer) | ||||
transientId | SAML2 NameID | x | x | x | x | x |
eduPersonTargetedID | urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | x | x [2] | |||
eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | x | x | x | ||
eduPersonUniqueID [3] | urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | x | x | x | ||
eduPersonOrcid | urn:oid:1.3.6.1.4.1.5923.1.1.1.16 | o | ||||
norEduPersonNIN | urn:oid:1.3.6.1.4.1.2428.90.1.5 | o [4] | o | |||
personalIdentityNumber | urn:oid:1.2.752.29.4.13 | o [4] | ||||
mail | urn:oid:0.9.2342.19200300.100.1.3 | x | x | x | |||
displayName | urn:oid:2.16.840.1.113730.3.1.241 | x | x | x | ||
cn (commonName) | urn:oid:2.5.4.3 | x | x | |||
givenName | urn:oid:2.5.4.42 | x | x | x | ||
sn (surname) | urn:oid:2.5.4.4 | x | x | x | ||
eduPersonAssurance | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 | x | x | x | ||
eduPersonScopedAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.9 | x | x | |||
eduPersonAffiliation | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 | x | ||||
o (organizationName) | urn:oid:2.5.4.10 | x | x | |||
norEduOrgAcronym | urn:oid:1.3.6.1.4.1.2428.90.1.6 | x | x | |||
c (countryName) | urn:oid:2.5.4.6 | x | x | |||
co (friendlyCountryName) | urn:oid:0.9.2342.19200300.100.1.43 | x | x | |||
schacHomeOrganization | urn:oid:1.3.6.1.4.1.25178.1.2.9 | x | x | |||
schacHomeOrganizationType | urn:oid:1.3.6.1.4.1.25178.1.2.10 | x |
[1] The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle, it uses the attribute requests in metadata for specific required attributes.
[2] eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable.
[3] eduPersonUniqueID must be a long-term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable, then eduPersonUniqueID can have the same value as eduPersonPrincipalName.
[4] norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered within SWAMID (registrationAuthority="http://www.swamid.se/"). personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers. Besides Swedish Personal Numbers and Swedish Co-ordination Numbers, norEduPersonNIN can also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
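The release decision for a GÉANT CoCo Service Provider, combining note 1 (only requested and required attributes), note 4 (identity numbers only to SPs registered by SWAMID) and the rule against empty values, can be sketched as follows. This is an added example, not SWAMID's own code: the function names and the sample SP are constructed, applying note 4 inside the CoCo path is an assumption, and the metadata is assumed to be signature-validated before it is parsed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "mdrpi": "urn:oasis:names:tc:SAML:metadata:rpi",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
SWAMID_RA = "http://www.swamid.se/"
MAIL = "urn:oid:0.9.2342.19200300.100.1.3"
DISPLAY_NAME = "urn:oid:2.16.840.1.113730.3.1.241"
NIN = "urn:oid:1.3.6.1.4.1.2428.90.1.5"   # norEduPersonNIN
PIN = "urn:oid:1.2.752.29.4.13"           # personalIdentityNumber

def coco_release(sp_metadata_xml, user_attrs):
    """Return {oid: values} to release to a CoCo SP, or {} if the SP is not CoCo."""
    entity = ET.fromstring(sp_metadata_xml)  # assumed already signature-validated
    categories = {v.text.strip()
                  for a in entity.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS)
                  if a.get("Name") == "http://macedir.org/entity-category"
                  for v in a.iterfind("saml:AttributeValue", NS) if v.text}
    if COCO not in categories:
        return {}
    reg = entity.find(".//mdrpi:RegistrationInfo", NS)
    in_swamid = reg is not None and reg.get("registrationAuthority") == SWAMID_RA
    released = {}
    for req in entity.iterfind(".//md:RequestedAttribute", NS):
        oid = req.get("Name")
        if req.get("isRequired") not in ("true", "1"):
            continue  # note 1: requested but not required, so not released
        if oid in (NIN, PIN) and not in_swamid:
            continue  # note 4: identity numbers only to SWAMID-registered SPs
        values = [v for v in user_attrs.get(oid, []) if v]
        if values:  # x/o legend: never release an empty value
            released[oid] = values
    return released

def constructed_sp(registration_authority):
    """Constructed, minimal SP metadata for the example; not a real entity."""
    req = "".join(f'<md:RequestedAttribute Name="{oid}" isRequired="{r}"/>'
                  for oid, r in [(MAIL, "true"), (DISPLAY_NAME, "false"), (NIN, "true")])
    xmlns = " ".join(f'xmlns:{p}="{u}"' for p, u in NS.items())
    return (f'<md:EntityDescriptor {xmlns} entityID="https://sp.example.org/shibboleth">'
            f'<md:Extensions><mdrpi:RegistrationInfo registrationAuthority="{registration_authority}"/>'
            f'<mdattr:EntityAttributes><saml:Attribute Name="http://macedir.org/entity-category">'
            f'<saml:AttributeValue>{COCO}</saml:AttributeValue></saml:Attribute>'
            f'</mdattr:EntityAttributes></md:Extensions><md:SPSSODescriptor>'
            f'<md:AttributeConsumingService index="0">{req}</md:AttributeConsumingService>'
            f'</md:SPSSODescriptor></md:EntityDescriptor>')
```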
URI for all entity categories used within SWAMID
Entity category | Unique identifier |
---|---|
GÉANT CoCo | http://www.geant.net/uri/dataprotection-code-of-conduct/v1 |
REFEDS R&S | http://refeds.org/category/research-and-scholarship |
SWAMID R&E | http://www.swamid.se/category/research-and-education |
SWAMID SFS-1993-1153 | http://www.swamid.se/category/sfs-1993-1153 |
SWAMID EU-Adequate-Protection | http://www.swamid.se/category/eu-adequate-protection |
SWAMID NREN-Service | http://www.swamid.se/category/nren-service |
SWAMID HEI-Service | http://www.swamid.se/category/hei-service |
URI for all assurance profiles used within SWAMID
Entity category | Unique identifier |
---|---|
SWAMID AL1 | http://www.swamid.se/policy/assurance/al1 |
SWAMID AL2 | http://www.swamid.se/policy/assurance/al2 |
REFEDS SIRTFI | https://refeds.org/sirtfi |