Shibboleth Entity Categories

This page provides an overview of the concept of entity categories, which is crucial for collaboration within large federations such as eduGAIN or DFN-AAI.
What are entity categories?
Entity categories are standardized classifications that enable RWTH (identity provider, IdP) to deal more efficiently with a large number of service providers (SP) in eduGAIN.
Instead of manually deciding for each service which data (e.g., name, email address) may be transferred, entity categories allow blanket rules to be established. Services that meet certain standards receive a corresponding tag in their metadata. RWTH can thus specify: "We automatically send the first name, last name, and email address to all services with the 'Research & Scholarship' tag."
Important categories
The following entity categories are most common in the context of Shibboleth:
- REFEDS R&S (Research & Scholarship):
  - Purpose: Specifically for scientific and research services (e.g., wikis, repositories, analysis tools).
  - Data exchange: IdPs that support R&S transmit a minimal data set: name, email address, and a unique ID (e.g., eduPersonPrincipalName).
- GÉANT Data Protection Code of Conduct (CoCo):
  - Purpose: A promise by the service operator that it complies with European data protection regulations (GDPR).
  - Effect: Increases the IdP operator's confidence that the data will be processed securely.
- Sirtfi (Security Incident Response Trust Framework for Federated Identity):
  - Purpose: Not a data exchange profile, but a security profile.
  - Meaning: Indicates that the institution is able to respond quickly to security incidents (hacker attacks, data leaks) and cooperate with other federation members.
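The following is an added worked example, not code from this page or from the Shibboleth project, showing how an IdP turns the tags above into blanket release rules. It parses a constructed piece of federation metadata (the entityIDs and the SPs are invented), reads the entity attributes that a federation such as DFN-AAI publishes for each SP, and decides what to release: the page's minimal R&S set for R&S-tagged services, only the locally allowed attributes an SP declares as required for CoCo-tagged services (that handling is an assumed local policy, not something the category itself prescribes), and nothing by default for untagged services. The category URIs and the entity-attribute names are the real REFEDS values; the OID map covers the standard eduPerson and LDAP attributes.

```python
import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "mdattr": "urn:oasis:names:tc:SAML:metadata:attribute",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Entity-attribute names and category values as published by REFEDS.
ENTITY_CATEGORY = "http://macedir.org/entity-category"
ASSURANCE_CERT = "urn:oasis:names:tc:SAML:attribute:assurance-certification"
REFEDS_RS = "http://refeds.org/category/research-and-scholarship"
REFEDS_COCO_V2 = "https://refeds.org/category/code-of-conduct/v2"
SIRTFI = "https://refeds.org/sirtfi"

# Blanket R&S rule: the minimal set described on the page, as IdP attribute ids.
RS_BUNDLE = frozenset({"eduPersonPrincipalName", "mail", "givenName", "sn", "displayName"})
# Assumed local allow-list for CoCo SPs (a policy choice of this example, not part of CoCo).
COCO_ALLOWED = RS_BUNDLE | {"eduPersonScopedAffiliation"}

# Standard OIDs as they appear in RequestedAttribute, mapped to IdP attribute ids.
OID_TO_ID = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:2.5.4.42": "givenName",
    "urn:oid:2.5.4.4": "sn",
    "urn:oid:2.16.840.1.113730.3.1.241": "displayName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": "eduPersonScopedAffiliation",
    "urn:oid:2.5.4.20": "telephoneNumber",
}

# Constructed metadata for three invented SPs. In production this document must come
# from a signature-verified federation feed: the tags are the federation's assertion
# about the SP, not something the SP may claim on its own.
METADATA = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <md:EntityDescriptor entityID="https://wiki.sp-research.example/shibboleth">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>http://refeds.org/category/research-and-scholarship</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="urn:oasis:names:tc:SAML:attribute:assurance-certification"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>https://refeds.org/sirtfi</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://portal.sp-coco.example/shibboleth">
    <md:Extensions><mdattr:EntityAttributes>
      <saml:Attribute Name="http://macedir.org/entity-category"
          NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
        <saml:AttributeValue>https://refeds.org/category/code-of-conduct/v2</saml:AttributeValue>
      </saml:Attribute>
    </mdattr:EntityAttributes></md:Extensions>
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
      <md:AttributeConsumingService index="0">
        <md:RequestedAttribute Name="urn:oid:0.9.2342.19200300.100.1.3" isRequired="true"/>
        <md:RequestedAttribute Name="urn:oid:2.5.4.20" isRequired="true"/>
        <md:RequestedAttribute Name="urn:oid:2.5.4.42" isRequired="false"/>
      </md:AttributeConsumingService>
    </md:SPSSODescriptor>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://untagged.example/shibboleth">
    <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""


@dataclass
class Decision:
    entity_id: str
    categories: set = field(default_factory=set)
    sirtfi: bool = False            # SP operator is Sirtfi-certified (incident-response contact)
    release: set = field(default_factory=set)
    reason: str = ""


def entity_attributes(entity):
    """Collect the entity attributes (tags) the federation published for one SP."""
    tags = {}
    for attr in entity.findall("md:Extensions/mdattr:EntityAttributes/saml:Attribute", NS):
        values = {v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text}
        tags.setdefault(attr.get("Name"), set()).update(values)
    return tags


def required_attributes(entity):
    """IdP attribute ids the SP marks isRequired="true" in its AttributeConsumingService."""
    path = "md:SPSSODescriptor/md:AttributeConsumingService/md:RequestedAttribute"
    return {OID_TO_ID[r.get("Name")] for r in entity.findall(path, NS)
            if r.get("isRequired", "false").lower() == "true" and r.get("Name") in OID_TO_ID}


def decide(entity):
    """Apply the blanket rules; an untagged SP gets nothing until a per-SP rule exists."""
    d = Decision(entity_id=entity.get("entityID"))
    tags = entity_attributes(entity)
    d.categories = tags.get(ENTITY_CATEGORY, set())
    d.sirtfi = SIRTFI in tags.get(ASSURANCE_CERT, set())
    if REFEDS_RS in d.categories:
        d.release, d.reason = set(RS_BUNDLE), "blanket R&S rule"
    elif REFEDS_COCO_V2 in d.categories:
        d.release = required_attributes(entity) & COCO_ALLOWED
        d.reason = "CoCo: required attributes within the local allow-list"
    else:
        d.reason = "no entity category: nothing released without a per-SP rule"
    return d


def evaluate(metadata_xml):
    """Map every SP entityID in the federation feed to its release decision."""
    root = ET.fromstring(metadata_xml)
    return {d.entity_id: d for d in map(decide, root.findall("md:EntityDescriptor", NS))}


if __name__ == "__main__":
    for entity_id, d in evaluate(METADATA).items():
        print(f"{entity_id}\n  sirtfi={d.sirtfi} release={sorted(d.release)} ({d.reason})")
```

In a Shibboleth IdP the same decision is expressed declaratively in attribute-filter.xml: an `AttributeFilterPolicy` whose `PolicyRequirementRule` is of type `EntityAttributeExactMatch` with `attributeName="http://macedir.org/entity-category"` and the R&S URI as `attributeValue`, followed by one `AttributeRule` per attribute in the bundle. The Sirtfi flag is carried under a different entity-attribute name (the assurance-certification attribute), which is why the example reads it separately rather than as an entity category.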
Visualisation as a bridge between identity provider and service provider
The following diagram illustrates the role of entity categories as standardized interfaces between the identity provider (RWTH) and global service providers:

Context within the Federation
- RWTH Federation / IdM.nrw: Defines specific local rules for data exchange (e.g., for state-wide library services).
- DFN-AAI: Manages the allocation of these categories for German institutions and checks whether the requirements are met.
- eduGAIN: This platform enables entity categories to achieve their full potential. It overcomes linguistic and legal barriers between different countries through the application of technical standards.
In summary, the federations form the trust framework (“the network”), while the entity categories regulate the automated flow of user data within this network.

