Entity categories are used for data release minimization and scalable attribute release from an Identity Provider within SWAMID to a Service Provider in SWAMID and/or eduGAIN.

If an owner of a Service and the Identity Provider Home Organisation has a bilateral agreement the attribute release can be extended with additional attributes based on the agreement.

Please note that the old entity categories SWAMD Research and Education and SWAMID SFS 1993:1153 is deprecated and will removed from all services metadata at the end of 2022.

Best Practice attribute release based on entity categories

x - Attribute is released if it's available in the Home Organisation Identity Provider.
o - Attribute is released only if requested and required in the metadata for the service and if it's available in the Home Organisation Identity Provider.

SAML2 Attribute IdentifierFriendly NameWithout enitity category

Data protection Code of Conduct (REFEDS CoCo v2 and GÉANT CoCo v1)

REFEDS Personalized Access Entity CategoryREFEDS Pseudonymous Access Entity CategoryREFEDS Anonymous Access Entity CategoryREFEDS Research and Scholarship Entity Category (R&S)




Attribute released
"only if requested and required" in metadata1.

Note that norEduPersonNIN and personalIdentityNumber has additional restrictions2.






urn:oasis:names:tc:SAML:attribute:pairwise-idpairwise-id
o
x

urn:oasis:names:tc:SAML:attribute:subject-idsubject-id
ox


urn:oid:1.3.6.1.4.1.5923.1.1.1.10eduPersonTargetedID
o


(x3)
urn:oid:1.3.6.1.4.1.5923.1.1.1.6eduPersonPrincipalName
o


x
urn:oid:1.3.6.1.4.1.5923.1.1.1.16eduPersonOrcid
o4



urn:oid:1.3.6.1.4.1.2428.90.1.5norEduPersonNIN
o2



urn:oid:1.2.752.29.4.13personalIdentityNumber
o2



urn:oid:1.3.6.1.4.1.25178.1.2.3 schacDateOfBirth
o



urn:oid:0.9.2342.19200300.100.1.3mail
ox

x
urn:oid:2.16.840.1.113730.3.1.13mailLocalAddress
o5



urn:oid:2.16.840.1.113730.3.1.241displayName
ox

x
urn:oid:2.5.4.3cn (aka commonName)
o6



urn:oid:2.5.4.42givenName
ox

x
urn:oid:2.5.4.4sn (aka surname)
ox

x
urn:oid:1.3.6.1.4.1.5923.1.1.1.11eduPersonAssurance
oxx
x7
urn:oid:1.3.6.1.4.1.5923.1.1.1.9eduPersonScopedAffiliation
oxxxx
urn:oid:1.3.6.1.4.1.5923.1.1.1.1eduPersonAffiliation
o



urn:oid:2.5.4.10o (aka organizationName)
o



urn:oid:1.3.6.1.4.1.2428.90.1.6norEduOrgAcronym
o



urn:oid:2.5.4.6c (aka countryName)
o



urn:oid:0.9.2342.19200300.100.1.43co (aka friendlyCountryName)
o



urn:oid:1.3.6.1.4.1.25178.1.2.9schacHomeOrganization
oxxx
urn:oid:1.3.6.1.4.1.25178.1.2.10schacHomeOrganizationType
o




  1. The entity category the REFEDS and GÉANT Code of Conduct entity categories does not have a specific attribute bundle. Instead of an attribute bundle it uses attribute request in metadata for specific required attributes.
  2. norEduPersonNIN and personalIdentityNumber shall only be released when required by entities registered with in SWAMID (registrationAuthority="http://www.swamid.se/").
  3. eduPersonTargetedID should only be released with the entity category REFEDS Research & Scholarship if eduPersonPrincipalName is reassignable. All Identity Providers in SWAMID must by the SWAMID Assurance Profiles be longterm unique and therefore it should not be released.
  4. eduPersonOrcid should only be released if and only if the IdP organization has retrived the ORCID iD via the ORCID Collect & Connect service. ORCID iDs are persistent digital identifiers for individual researchers. Their primary purpose is to unambiguously and definitively link them with their scholarly work products. ORCID iDs are assigned,managed and maintained by the ORCID organization.
  5. mailLocalAddress is used for services that may need access to more than one mail address for the user, for example mail aliases and secondary mail addresses. A use case for this is when a person is invited by another mail address than the one in released in the mail attribute.
  6. commonName must be the persons full name, not the attribute value from Active Directory.
  7. Within SWAMID the REFEDS Research and Scholarship Entity Category is extended to also include eduPersonAssurance.

URI for all entity categories used within SWAMID

Entity categoryUnique identifier
GÉANT Data Protection Code of Conduct Entity Categoryhttp://www.geant.net/uri/dataprotection-code-of-conduct/v1
REFEDS Data Protection Code of Conduct Entity Categoryhttps://refeds.org/category/code-of-conduct/v2
REFEDS Personalized Access Entity Categoryhttps://refeds.org/category/personalized
REFEDS Pseudonymous Access Entity Categoryhttps://refeds.org/category/pseudonymous
REFEDS Anonymous Access Entity Categoryhttps://refeds.org/category/anonymous
REFEDS Research and Scholarship Entity Category (R&S)http://refeds.org/category/research-and-scholarship
European Student Identifier  Entity Category (ESI)https://myacademicid.org/entity-categories/esi
SWAMID R&Ehttp://www.swamid.se/category/research-and-educationDeprecated
SWAMID SFS-1993-1153http://www.swamid.se/category/sfs-1993-1153Deprecated
SWAMID EU-Adequate-Protectionhttp://www.swamid.se/category/eu-adequate-protectionDeprecated
SWAMID NREN-Servicehttp://www.swamid.se/category/nren-serviceDeprecated
SWAMID HEI-Servicehttp://www.swamid.se/category/hei-serviceDeprecated


URI for all assurance profiles used within SWAMID

EntitetskategoriUnik identifierare
SWAMID AL1http://www.swamid.se/policy/assurance/al1
SWAMID AL2http://www.swamid.se/policy/assurance/al2
SWAMID AL3http://www.swamid.se/policy/assurance/al3
SWAMID AL2-MFA-HIhttps://www.swamid.se/policy/authentication/swamid-al2-mfa-hiDeprecated
REFEDS Assurance Frameworkhttps://refeds.org/assurance/*
REFEDS Security Incident Response Trust Framework for Federated Identity (SIRTFI) version 1https://refeds.org/sirtfi
REFEDS Security Incident Response Trust Framework for Federated Identity (SIRTFI) version 2https://refeds.org/sirtfi2