...

Upon receiving a request SWAMID operations will respond within two weeks.

Release without any recognized Entity Categories

Most Identity Providers within SWAMID send no attributes when a service is not marked with any entity category.


...

SWAMID deprecated entity categories

Warning: Will be deprecated

SWAMID is in the process of deprecating the old entity categories. All entity category based attribute release will be based on the entity categories described above.


SWAMID Service Provider Attribute Release Entity Categories (deprecated 2020-05-01)

These categories define the release of mostly harmless personal attributes to a Service Provider (SP) from an Identity Provider (IdP). They are used together with the SWAMID Data Protection Entity Categories below.

...

| Category | Description |
| --- | --- |
| research-and-education | SP is an application that directly or indirectly supports HEI institutions. |
| sfs-1993-1153 | SP is an application that fulfills SFS 1993:1153 |

SWAMID Research & Education (deprecated 2020-05-01)

entity-category URI: http://www.swamid.se/category/research-and-education

eduGAIN enabled: No

...

For instance, a service that provides tools for both multi-institutional research collaboration and instruction is eligible as a candidate for this category. This category is very similar to InCommon's Research & Scholarship Category. The expected IdP behaviour is to release name, eppn, eptid, mail and eduPersonScopedAffiliation only if the service is also in at least one of the safe data processing categories. It is also recommended that static organisational information is released. If the Identity Provider home organisation has fulfilled the requirements for SWAMID Assurance Profiles, eduPersonAssurance should also be released.

Expected attribute release when paired with a SWAMID Data Protection Entity Category

| Attribute(s) | OID | Comment |
| --- | --- | --- |
| transientId | | SAML2 session user identifier. |
| eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
| eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance Profiles for the user if it is defined, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information. |
| eduPersonPrincipalName | 1.3.6.1.4.1.5923.1.1.1.6 | |
| mail | 0.9.2342.19200300.100.1.3 | Can be more than one address released but Identity Providers are recommended to release only one. |
| displayName, cn and/or givenName and sn | 2.16.840.1.113730.3.1.241, 2.5.4.3, 2.5.4.42, 2.5.4.4 | A user's name can be released in different ways and it's recommended that the Service Provider can handle this. |
| eduPersonScopedAffiliation | 1.3.6.1.4.1.5923.1.1.1.9 | |
| o | 2.5.4.10 | |
| norEduOrgAcronym | 1.3.6.1.4.1.2428.90.1.6 | |
| c | 2.5.4.6 | |
| co | 0.9.2342.19200300.100.1.43 | |
| schacHomeOrganization | 1.3.6.1.4.1.25178.1.2.9 | |

Process for applying for tagging a service with entity category Research & Education

The service operator sends an e-mail to operations@swamid.se with a formal request.

...

Upon receiving a request SWAMID operations will respond within two weeks.

SWAMID SFS 1993:1153 (deprecated 2020-05-01)

entity-category URI: http://www.swamid.se/category/sfs-1993-1153

eduGAIN enabled: No

...

Examples of services that are viable for this entity category are a course registration self service, a student account creation service, a learning progression registration service and an internship administration self service.

Expected attribute release

| Attribute | OID | Comment |
| --- | --- | --- |
| transientId | | SAML2 session user identifier. |
| eduPersonTargetedID | 1.3.6.1.4.1.5923.1.1.1.10 | |
| eduPersonAssurance | 1.3.6.1.4.1.5923.1.1.1.11 | One or more Assurance Profiles for the user if it is defined, please see "3.3 Configure Shibboleth SP - Check for Identity Assurance or REFEDS SIRTFI" for more information. |
| norEduPersonNIN | 1.3.6.1.4.1.2428.90.1.5 | Swedish government Personal Identity Number, Swedish government temporary Co-ordination number or Swedish National Admission system interim identity number. |
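The release rules in the two tables above can be expressed as a check over the entity categories tagged in a service's SAML metadata. This is an added example, not SWAMID's own code or an IdP filter policy: the sample metadata and its entityID are constructed, the function names are hypothetical, and it assumes the three data protection category URIs listed on this page are the complete set.

```python
import xml.etree.ElementTree as ET

NS = {"mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EC_NAME = "http://macedir.org/entity-category"  # standard entity-category attribute
BASE = "http://www.swamid.se/category/"         # category URIs as listed on this page
RE_CAT, SFS_CAT = BASE + "research-and-education", BASE + "sfs-1993-1153"
# Assumption: these three are the complete set of data protection categories.
DATA_PROTECTION = {BASE + "hei-service", BASE + "nren-service",
                   BASE + "eu-adequate-protection"}
COMMON = {"transientId", "eduPersonTargetedID", "eduPersonAssurance"}
RE_ATTRS = COMMON | {"eduPersonPrincipalName", "mail", "displayName", "cn",
                     "givenName", "sn", "eduPersonScopedAffiliation", "o",
                     "norEduOrgAcronym", "c", "co", "schacHomeOrganization"}
SFS_ATTRS = COMMON | {"norEduPersonNIN"}

# Constructed sample SP metadata (hypothetical entityID), embedded to run offline.
SAMPLE_SP = """<md:EntityDescriptor
    xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    entityID="https://sp.example.org/shibboleth">
  <md:Extensions><mdattr:EntityAttributes>
    <saml:Attribute Name="http://macedir.org/entity-category">
      <saml:AttributeValue>http://www.swamid.se/category/research-and-education</saml:AttributeValue>
      <saml:AttributeValue>http://www.swamid.se/category/hei-service</saml:AttributeValue>
    </saml:Attribute>
  </mdattr:EntityAttributes></md:Extensions>
</md:EntityDescriptor>"""

def entity_categories(metadata_xml):
    """Return the entity-category URIs tagged on one EntityDescriptor.
    Real federation metadata must be signature-verified before these tags are trusted."""
    root = ET.fromstring(metadata_xml)
    cats = set()
    for attr in root.iterfind(".//mdattr:EntityAttributes/saml:Attribute", NS):
        if attr.get("Name") == EC_NAME:
            cats |= {(v.text or "").strip()
                     for v in attr.iterfind("saml:AttributeValue", NS)}
    return cats

def expected_release(categories):
    """Attributes the tables above expect an IdP to release to this SP."""
    release = set()
    # R&E alone releases nothing: it must be paired with a data protection category.
    if RE_CAT in categories and categories & DATA_PROTECTION:
        release |= RE_ATTRS
    if SFS_CAT in categories:
        release |= SFS_ATTRS
    return release  # empty set: no recognized category, no attributes
```

An IdP operator can compare the returned set with what their attribute filter actually sends to a given SP; eduPersonAssurance appears in the set but is only released when the home organisation fulfils a SWAMID Assurance Profile.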

Process for applying for tagging a service with entity category SFS 1993:1153

The service operator sends an e-mail to operations@swamid.se with a formal request.

...

Upon receiving a request, SWAMID operations will evaluate it against the Swedish legislation SFS 1993:1153 (2 kap. 6 § and 4 kap. 4 §). SWAMID operations will normally respond within two weeks. If the evaluation is positive, SWAMID operations will add the requested entity category to the service metadata.

SWAMID Data Protection Entity Categories (deprecated 2020-05-01)

These categories indicate category classification of Identity Providers (IdP) that can release mostly harmless personal attributes to a Service Provider (SP) in conjunction with the Swedish Personal Data Act (PUL). They are used together with the Research & Education Entity Category above.

SWAMID HEI Service (deprecated 2020-05-01)

entity-category URI: http://www.swamid.se/category/hei-service

eduGAIN enabled: No

...

Will be deprecated

...



Definition

The application is provided by a Swedish Higher Education Institution (HEI) which is ultimately responsible for its operation.

This category is only relevant for attribute release from SWAMID registered IdPs to services at Swedish universities, Swedish university colleges and the Swedish Council for Higher Education.

SWAMID NREN Service (deprecated 2020-05-01)

entity-category URI: http://www.swamid.se/category/nren-service

eduGAIN enabled: No

...

Will be deprecated

...



Definition

The application is provided by SUNET (the Swedish National Research and Education Network, NREN) which is ultimately responsible for its operation.

This category is only relevant for attribute release from SWAMID registered IdPs to SUNET services.

SWAMID EU Adequate Protection (deprecated 2020-05-01)

entity-category URI: http://www.swamid.se/category/eu-adequate-protection

eduGAIN enabled: No

...



Will be deprecated

This entity category is in the process of being deprecated.

Definition

The application is compliant with either

Release without any recognized Entity Categories

...
