...

Warning

SWAMID has deprecated the old entity categories. All future entity category based attribute release will be based on the entity categories described above.

Deprecation process:

  • From 2019-10-23 all new services need to register with both the old SWAMID entity categories and the entity categories described above.
  • From 2020-09-01 all new services will only be registered with the entity categories described above, not the old SWAMID ones.
  • From 2020-09-01 to 2021-12-31 all current services will be moved from the old SWAMID entity categories to the entity categories described above. The services are responsible for changing the entity categories.
  • On 2021-12-31 all services that still have the old entity categories will have these entity categories removed from SWAMID metadata.



    SWAMID Service Provider Attribute Release Entity Categories (deprecated 2020-09-01 with transitional use until 2021-12-31)

    These categories define the release of mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). They are used together with the SWAMID Data Protection Entity Categories below.

    Tip

    Entity categories are additive; this means that one Service Provider can have both research-and-education and sfs-1993-1153.

    name below means givenName, surname, initials, displayName.


    | Category | Description |
    |---|---|
    | research-and-education | SP is an application that directly or indirectly supports HEI institutions. |
    | sfs-1993-1153 | SP is an application that fulfills SFS 1993:1153 |

    SWAMID Research & Education (deprecated 2020-09-01 with transitional use until 2021-12-31)

    entity-category URI: http://www.swamid.se/category/research-and-education

    eduGAIN enabled: No


    Warning: Deprecated 2020-09-01

    SWAMID Research & Education entity category is deprecated and is replaced with REFEDS R&S or GÉANT CoCo depending on service.


    Info: Definition

    The Research & Education category applies to low-risk services that support research and education as an essential component.

    To release attributes to services tagged with the Research & Education category the service must also be tagged with at least one of the SWAMID Data Protection Entity Categories.

    For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommon's Research & Scholarship Category. The expected IdP behaviour is to release name, eppn, eptid, mail and eduPersonScopedAffiliation only if the service is also in at least one of the safe data processing categories. It is also recommended that static organisational information is released. If the Identity Provider home organisation has fulfilled the requirements for SWAMID Assurance Profiles, eduPersonAssurance should also be released.

    Expected attribute release when paired with a SWAMID Data Protection Entity Category

    | Attribute(s) | OID | Comment |
    |---|---|---|
    | transientId | | SAML2 session user identifier. |
    | eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
    | eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance Profiles for the user, if defined; see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information. |
    | eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | |
    | mail | 0.9.2342.19200300.100.1.3 | More than one address can be released, but Identity Providers are recommended to release only one. |
    | displayName, cn and/or givenName and sn | 2.16.840.1.113730.3.1.241, 2.5.4.3, 2.5.4.42, 2.5.4.4 | A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
    | eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | |
    | o | 2.5.4.10 | |
    | norEduOrgAcronym | 1.3.6.1.4.1.2428.90.1.6 | |
    | c | 2.5.4.6 | |
    | co | 0.9.2342.19200300.100.1.43 | |
    | schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | |

    Process for applying for tagging a service with entity category Research & Education

    The service operator sends an e-mail to operations@swamid.se with a formal request.

    The request must contain the following information:

    • Purpose and scope of the service.
    • Valid SWAMID Data Protection Entity Category, i.e. what type of organisation is legally responsible for the Service. The options are defined below (HEI Service, NREN Service or EU Adequate Protection).

    Upon receiving a request SWAMID operations will respond within two weeks.

    SWAMID SFS 1993:1153 (deprecated 2020-09-01 with transitional use until 2021-12-31)

    entity-category URI: http://www.swamid.se/category/sfs-1993-1153

    eduGAIN enabled: No


    Warning: Deprecated 2020-09-01

    SWAMID SFS 1993:1153 entity category is deprecated and is replaced with GÉANT CoCo.


    Info: Definition

    The SFS 1993:1153 category is strictly reserved for services that are governed by the Swedish legislation SFS 1993:1153.

    SFS 1993:1153 limits membership in this category to services provided by Swedish universities, Swedish university colleges and the Swedish government agencies Swedish Council for Higher Education (UHR) and Statistics Sweden (SCB).

    The entity category is intended for common government operated student admissions and achieved learning administration services such as NyA and LADOK as well as services for student account enrollment, course registration and learning progression processes at universities and university colleges.

    Inclusion in this category is strictly reserved for services that fulfill SFS 1993:1153 which implies that the application may make use of norEduPersonNIN, i.e. the Swedish Personal identity number, the Swedish Co-ordination number or the Higher education personal interim identity number. The expected IdP behavior is to release norEduPersonNIN. If the Identity Provider home organisation has fulfilled the requirements for SWAMID Assurance Profiles eduPersonAssurance should also be released.

    Examples of services that are viable for this entity category are a course registration self service, a student account creation service, a learning progression registration service and an internship administration self service.

    Expected attribute release

    | Attribute | OID | Comment |
    |---|---|---|
    | transientId | | SAML2 session user identifier. |
    | eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
    | eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance Profiles for the user, if defined; see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information. |
    | norEduPersonNIN | 1.3.6.1.4.1.2428.90.1.5 | Swedish government Personal Identity Number, Swedish government temporary Co-ordination number or Swedish National Admission system interim identity number. |

    Process for applying for tagging a service with entity category SFS 1993:1153

    The service operator sends an e-mail to operations@swamid.se with a formal request.

    The request must contain the following information:

    • Purpose and scope of the service.
    • Full description of why norEduPersonNIN is needed in the service.

    Upon receiving a request SWAMID operations will evaluate against the Swedish legislation SFS 1993:1153 (2 kap. 6 § and 4 kap. 4 §). SWAMID operations will normally respond within two weeks. If the evaluation is positive SWAMID operations will add the requested entity category to the service metadata.
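
The release rules for the two deprecated categories, written out as a check (an added example, not SWAMID's or any IdP product's own code): it reads the entity categories tagged on an SP in metadata and returns the attributes an IdP would be expected to release. The metadata document, `sp.example.org` and all function names are constructed for illustration; the data protection category URIs are the ones listed further down this page.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EC_NAME = "http://macedir.org/entity-category"  # standard entity-category attribute
BASE = "http://www.swamid.se/category/"
RE, SFS = BASE + "research-and-education", BASE + "sfs-1993-1153"
DATA_PROTECTION = {BASE + c for c in
                   ("hei-service", "nren-service", "eu-adequate-protection")}
# Attribute names copied from the two "Expected attribute release" tables.
RE_ATTRS = {"transientId", "eduPersonTargetedID", "eduPersonPrincipalName",
            "mail", "displayName", "cn", "givenName", "sn",
            "eduPersonScopedAffiliation", "o", "norEduOrgAcronym", "c", "co",
            "schacHomeOrganization"}
SFS_ATTRS = {"transientId", "eduPersonTargetedID", "norEduPersonNIN"}


def entity_categories(sp_metadata_xml):
    """Return the entity-category URIs tagged on one SP EntityDescriptor."""
    root = ET.fromstring(sp_metadata_xml)
    cats = set()
    for attr in root.findall(
            "md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == EC_NAME:
            cats |= {v.text.strip()
                     for v in attr.findall("saml:AttributeValue", NS) if v.text}
    return cats


def expected_release(categories, idp_has_assurance=False):
    """Attributes expected to be released under the deprecated categories."""
    release = set()
    # R&E alone releases nothing: it must be paired with a data protection category.
    if RE in categories and categories & DATA_PROTECTION:
        release |= RE_ATTRS
    if SFS in categories:            # categories are additive
        release |= SFS_ATTRS
    if release and idp_has_assurance:
        release.add("eduPersonAssurance")
    return release


def sample_sp(*uris):  # constructed metadata, not a real SWAMID entity
    vals = "".join(f"<saml:AttributeValue>{u}</saml:AttributeValue>" for u in uris)
    return (f'<md:EntityDescriptor xmlns:md="{NS["md"]}" '
            f'xmlns:mdattr="{NS["mdattr"]}" xmlns:saml="{NS["saml"]}" '
            f'entityID="https://sp.example.org/shibboleth"><md:Extensions>'
            f'<mdattr:EntityAttributes><saml:Attribute Name="{EC_NAME}">{vals}'
            f'</saml:Attribute></mdattr:EntityAttributes></md:Extensions>'
            f'</md:EntityDescriptor>')
```

The category set should only be read from federation metadata whose signature has been verified, since the tags alone decide whether norEduPersonNIN leaves the IdP.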

    SWAMID Data Protection Entity Categories (deprecated 2020-09-01 with transitional use until 2021-12-31)

    These categories indicate category classification of Identity Providers (IdP) that can release mostly harmless personal attributes to a Service Provider (SP) in conjunction with the Swedish Personal Data Act (PUL). They are used together with the Research & Education Entity Category above.

    SWAMID HEI Service (deprecated 2020-09-01 with transitional use until 2021-12-31)

    entity-category URI: http://www.swamid.se/category/hei-service

    eduGAIN enabled: No



    Info: Definition

    The application is provided by a Swedish Higher Education Institution (HEI) which is ultimately responsible for its operation.

    This category is only relevant for attribute release from SWAMID registered IdPs to services at Swedish universities, Swedish university colleges and the Swedish Council for Higher Education.

    SWAMID NREN Service (deprecated 2020-09-01 with transitional use until 2021-12-31)

    entity-category URI: http://www.swamid.se/category/nren-service

    eduGAIN enabled: No



    Info: Definition

    The application is provided by SUNET (the Swedish National Research and Education Network, NREN) which is ultimately responsible for its operation.

    This category is only relevant for attribute release from SWAMID registered IdPs to SUNET services.

    SWAMID EU Adequate Protection (deprecated 2020-09-01 with transitional use until 2021-12-31)

    entity-category URI: http://www.swamid.se/category/eu-adequate-protection

    eduGAIN enabled: No



    Info: Definition

    The application is compliant with either


    ...