In order for SWAMID to work as effectively as possible for students and employees as well as for service providers and identity providers, SWAMID recommends that service providers use entity categories to get the attributes that they require.

In order for services within the SWAMID federation to work as effectively as possible, SWAMID recommends the use of entity categories. Entity categories benefits not only students and employees but also administrators of relying and identity providers by providing a stable framework for the release of attributes.

During autumn 2019, SWAMID has updated its entity category recommendations and these will be implemented in our production environment during 2020 and 2021.

This service is designed to help administrators of identity providers verify that their IdP follows the new recommendations.

SWAMID’s current recommendations for attribute release are available at https://wiki.sunet.se/display/SWAMID/SAML+WebSSO+Service+Provider+Best+Current+Practice .

Example configuration for Shibboleth can be found in the section entitled “Example of metadata configuration, attribute resolvers and attribute filters” on the following wiki page https://wiki.sunet.se/display/SWAMID/SAML+WebSSO+Identity+Provider+Best+Current+Practice .

The SWAMID best practice attribute release check consists of the following tests:

• assurance - Assurance Attribute test
• noec - No EC (shall not send any attributes!)
• anonymous - REFEDS Anonymous Access
• pseudonymous - REFEDS Pseudonymous Access
• personalized - REFEDS Personalized Access
• cocov2-1 - REFEDS CoCo part 1, from SWAMID
• cocov2-2 - REFEDS CoCo part 2, from SWAMID
• cocov2-3 - REFEDS CoCo, from outside SWAMID (requests civic number (personnummer) but this SHOULD NOT be released)
• cocov1-1 - GÉANT CoCo part 1, from SWAMID
• cocov1-2 - GÉANT CoCo part 2, from SWAMID
• cocov1-3 - GÉANT CoCo, from outside SWAMID (requests civic number (personnummer) but this SHOULD NOT be released)
• rands - REFEDS R&S

Multiple Code of Conduct test require different attributes which the IdP either SHOULD or SHOULD NOT release in accordance REFEDS/GÉANT Code of Conduct.

For further information on how personal data is processed in SWAMID Best Practice Attribute Release check see https://wiki.sunet.se/display/SWAMID/SWAMID+Entity+Category+Release+Check+-+Privacy+Policy

SWAMID MFA test. This is a two part test

1. REFEDS MFA without forceAuthn
2. REFEDS MFA with forceAuthn

European Student Identifier uses the entity category https://myacademicid.org/entity-categories/esi for release of attributes from the user's identity provider. This test verifies that all required attributes are released during login.