This wiki will be under maintenance on Thursday 25 January between 18:00-22:00 CET. The site will be available, but will be READ ONLY during that period.
Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Test Verdicts

Status
colourGreen
titleA
: IdP sends all necessary information

Status
colourYellow
titleB
: IdP sends minimal information

Status
colourYellow
titleC
: IdP sends basic information while some required information is missing

Status
colourYellow
titleC
: IdP sends eduPersonTargetedId with the wrong (legacy) syntax

Status
colourRed
titleD
: IdP sends superfluous personal information

Status
colourRed
titleD
: IdP sends some subset of the requested information, but not the basic information (see definition below)

Status
colourRed
titleF
: Incorrect value syntax (except for eptid eduPersonTargetedId above)

Status
colourRed
titleF
: R&S category support is indicated but its requirements are not satisfied

Status
colourRed
titleF
: No attributes received

Bonus points (A-C)

...

  • Redundant attributes are missing, but information is available
  • IdP sends superfluous non-personal information (see below for definitive list)

Statement for the "No Entity Category Test"

For this test a Service Provider is used that does have no entity category like R&S or the GÉANT Code of Conduct but just declares the attributes eduPersonScopedAffiliation, schacHomeOrganization, email and eduPersonPrincipalName as required attributes in metadata. The results of this tests are the two statements:

"Good data privacy but bad usability":
This means that the IdP was not releasing any attributes to this test SP even though it requested them. Depending on the IdP's iurisdiction, this behaviour is rather restrictive from a usability point of view because users most likely won't get access to eduGAIN services that have no entity categories unless the IdP has configured any specific attribute release rules. Still, IdP administrators in some countries feel safer with this setup from a legal/data privacy perspective.

"Good usability but bad data privacy":
This means that the IdP released some or all required attributes to this test SP just because the SP requested them. This policy is used by few Identity Providers. It is easy to implement and in most cases is beneficial to users because they gain access to more services because their attributes are released by default. From a privacy point of view some argue that IdPs using this approach might be a bit too generous in releasing data about the user, especially in case there is no user consent enforced during the login process and especially for services that are not relevant for the users studies or job. However, so far there are worldwide no cases known in the community where IdPs got into legal issues using this approach.

Terminology

  • Attribute: A non-empty SAML Attribute sent as a part of a SAML AttributeStatement
  • Information: Either an attribute or a set of attributes for which a transformation or combination algorithm is available to produce data for an application (ie: e-mail, affiliationname)
  • Requested information: The set of attributes or meta-attributes (such as a non-reassigned identifier or a name), that is requested by the SP by using SAML metadata, whether or not isRequired is flagged.
  • All necessary information: Set of released attributes that can provide all requested information
  • Minimal information = required information: If the tested SP has an entity category, where the minimal set is defined (such as R&S), the minimal information is the minimal set. Otherwise it is the set of attributes that can provide the subset of requested information, where isRequired is set in the SAML metadata.
  • Basic information: A set of attributes, including at least a persistent identifier represented by at least one of:
    • eduPersonPrincipalName
    • eduPersonTargetedId (either as a SAML NameID or an attribute)
    • eduPersonUniqueId
  • Superfluous attribute: Attribute that is sent by the IdP even though the information is not requested by the SP. Sending the same attribute in different NameFormats (such as URI and OID) does not count as superfluous information. A redundant attribute does not count as superfluous information, if the source attribute(s) is/are requested. As a special case, eduPersonTargetedId is not a superfluous attribute if eduPersonPrincipalName is requested either directly via a RequestedAttribute metadata element or indirectly by declaring R&S entity category.
  • R&S requirements: According to the R&S specification, the following attributes must be provided by an R&S IdP:
    • eduPersonPrincipalName
    • mail
    • displayName OR (givenName AND sn)
  • Redundant attributes: Information that can be extracted from one or more attributes:
    • schacHomeOrganization <= eduPersonScopedAffiliation
    • schacHomeOrganization <= eduPersonPrincipalName
    • eduPersonAffiliation <= eduPersonScopedAffiliation
    • cn <= sn+givenName
    • displayName <= sn+givenName
    • cn <= displayName
    • displayName <= cn
    • as a special case, even though sn and givenName can not be reliably extracted from cn or givenName, however for EARC ranking, they are treated as redundant to both cn and givenName.
    • eduPersonTargetedId <= SAML2 persistent NameID
  • Personal information: All received attributes except for
    • schacHomeOrganization
    • schacHomeOrganizationType
    • eduPersonAffiliation
    • eduPersonScopedAffiliation
    • o
    • eduPersonEntitlement with the value of "urn:mace:dir:entitlement:common-lib-terms" (other values are treated as personal attributes)

...