Entity categories are used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.

If an owner of a Service and the Identity Provider Home Organisation has a bilateral agreement the attribute release can be extended with additional attributes based on the agreement.

Best Practice attribute release based on entity categories

x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.

SAML2 Attribute Identifier

Friendly Name

Without enitity category

GÉANT CoCo

REFEDS R&S

SWAMID R&E

SWAMID SFS-1993-1153

Attribute released "only if requested and required" in metadata¹.

Note that norEduPersonNIN and personalIdentityNumber has additional restrictions².

No new EntityID will be permitted to use this category from 2020-09-01.

This entity category is deprecated and will be removed from all entities 2021-12-31. The process of removal will start 2020-09-01.

SWAMID R&E is used in pair with one of the entity categories SWAMID EU-Adequate-Protection, SWAMID NREN-Service and SWAMID HEI-Service

No new EntityID will be permitted to use this category from 2020-09-01.

This entity category is deprecated and will be removed from all entities 2021-12-31. The process of removal will start 2020-09-01.

Attributes released only for users with a Swedish personal identity number (sv. personnummer), a Swedish co-ordination number (sv. samordningsnummer) or a organisational student interim identity number (sv. interimspersonnummer)

urn:oid:1.3.6.1.4.1.5923.1.1.1.10

eduPersonTargetedID

o

x³

urn:oid:1.3.6.1.4.1.5923.1.1.1.6

eduPersonPrincipalName

o

x

urn:oid:1.3.6.1.4.1.5923.1.1.1.13

eduPersonUniqueID ⁴

(deprecated and removed from example attribute-filter)

urn:oid:1.3.6.1.4.1.5923.1.1.1.16

eduPersonOrcid

o

urn:oid:1.3.6.1.4.1.2428.90.1.5

norEduPersonNIN

o²

x

urn:oid:1.2.752.29.4.13

personalIdentityNumber

o²

urn:oid:1.3.6.1.4.1.25178.1.2.3

schacDateOfBirth

o

urn:oid:0.9.2342.19200300.100.1.3

mail

o

x

urn:oid:2.16.840.1.113730.3.1.241

displayName

o

x

urn:oid:2.5.4.3

cn (aka commonName)

o

x

urn:oid:2.5.4.42

givenName

o

x

urn:oid:2.5.4.4

sn (aka surname)

o

x

urn:oid:1.3.6.1.4.1.5923.1.1.1.11

eduPersonAssurance

o

x

urn:oid:1.3.6.1.4.1.5923.1.1.1.9

eduPersonScopedAffiliation

o

x

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

eduPersonAffiliation

o

urn:oid:2.5.4.10

o (aka organizationName)

o

x

urn:oid:1.3.6.1.4.1.2428.90.1.6

norEduOrgAcronym

o

x

urn:oid:2.5.4.6

c (aka countryName)

o

x

urn:oid:0.9.2342.19200300.100.1.43

co (aka friendlyCountryName)

o

x

urn:oid:1.3.6.1.4.1.25178.1.2.9

schacHomeOrganization

o

x

urn:oid:1.3.6.1.4.1.25178.1.2.10

schacHomeOrganizationType

o

The entity category GÉANT Code of Conduct does not have a specific attribute bundle. Instead of an attribute bundle it uses attribute request in metadata for specific required attributes.
norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered with in SWAMID (registrationAuthority="http://www.swamid.se/").
- personalIdentityNumber must only contain Swedish Personal Numbers or Swedish Co-ordination Numbers.
- norEduPersonNIN can besides Swedish Personal Numbers and Swedish Co-ordination Numbers also contain Interim Personal Numbers from the student documentation system Ladok and the Swedish national study enrolment system.
eduPersonTargetedID should only be released in with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable. All Identity Providers in SWAMID must by the SWAMID Assurance Profiles be lonterm unique and therefore it should not noramlly be released.
If the Identity Provider supports eduPersonUniqueID it must be a long term unique identifier that will not be reused. If eduPersonPrincipalName is non-reassignable then eduPersonUniqueID can have the same value as eduPersonPrincipalName. Used of eduPersonUniqueID is deprecated and no longer recommended. It has been removed from the example attribute-filters.

URI for all entity categories used within SWAMID

Entity category	Unique identifier
GÉANT CoCo	http://www.geant.net/uri/dataprotection-code-of-conduct/v1
REFEDS R&S	http://refeds.org/category/research-and-scholarship
SWAMID R&E	http://www.swamid.se/category/research-and-education	Deprecated and will be completely removed 2021-12-31
SWAMID SFS-1993-1153	http://www.swamid.se/category/sfs-1993-1153	Deprecated and will be completely removed 2021-12-31
SWAMID EU-Adequate-Protection	http://www.swamid.se/category/eu-adequate-protection	Deprecated and will be completely removed 2021-12-31
SWAMID NREN-Service	http://www.swamid.se/category/nren-service	Deprecated and will be completely removed 2021-12-31
SWAMID HEI-Service	http://www.swamid.se/category/hei-service	Deprecated and will be completely removed 2021-12-31

URI for all assurance profiles used within SWAMID

Entitetskategori	Unik identifierare
SWAMID AL1	http://www.swamid.se/policy/assurance/al1
SWAMID AL2	http://www.swamid.se/policy/assurance/al2
SWAMID AL3	http://www.swamid.se/policy/assurance/al3
SWAMID AL2-MFA-HI	https://www.swamid.se/policy/authentication/swamid-al2-mfa-hi	Deprecated and will be completely removed 2021-12-31
REFEDS Assurance Framework	https://refeds.org/assurance/*
REFEDS SIRTFI	https://refeds.org/sirtfi