Switch edu-ID Attribute Specification Change Log

The document Switch edu-ID Attribute Specification specifies the attributes used in the Switch edu-ID federation. This page documents the changes.

Back to the full list of attributes

Implementing the changes on the IdP and SP

Changes in version 1.7.4 (2024-01-10)

  • update attribute description of swissEduPersonUniqueID to clarify its requirements.
  • replace in swissEduPersonHomeOrganizationType the reference to Swiss ENIC by Swiss Agency for Accreditation and Quality Assurance (AAQ).
  • replace the terms AAI and SWITCHaai with Switch edu-ID.
  • in the friendly attribute names replace the prefix 'Swiss edu-ID' by 'edu-ID'.

Changes in version 1.7.3 (2023-06-29)

  • update attribute description of swissEduIDLinkedAffiliationMail to document the inclusion of swissEduPersonOrganizationalMail
  • add attribute swissEduIDUniqueID

Changes in version 1.7.2 (2023-02-14)

  • add chapter '1.3 Protocol Support' as well as OIDC specific details like claim names, types and scopes for the attributes that can be released via OIDC protocol.

Changes in version 1.7.1 (2022-09-21)

  • correct a copy & paste error in the schacPersonalUniqueCode examples

Changes in version 1.7 (2022-08-17)

  • document title modified: 'SWITCHaai Attribute Specification' instead of 'Attribute Specification'
  • new swissEduPerson & swissLibraryPerson attributes added: swissEduPersonMinimumAgeCategory, swissEduPersonOrganizationalMail, swissEduPersonPrivateMail, swissLibraryPersonResidenceCanton
  • new SWITCH edu-ID attributes added: swissEduIDAssociatedMail, swissEduIDAssuranceLevel, swissEduIDLinkedAffiliation, swissEduIDLinkedAffiliationMail, swissEduIDLinkedAffiliationUniqueID, swissEduIDUsage1y
  • new SCHAC & other attributes added: schacCountryOfCitizenship, schacPersonalUniqueCode, pairwise-id, subject-id, sshPublicKey, uidNumber, userPrincipalName
  • update mail with references to swissEduPersonOrganizationalMail and swissEduPersonPrivateMail
  • update swissEduPersonDateOfBirth to clarify the use of full-date format without the dashes and a reference to swissEduPersonMinimumAgeCategory
  • update swissEduPersonUniqueID with reference to caseIgnoreMatch and use of only upper or lower case characters, or to use a Base32 hash
  • update swissEduID with MUST for lower case hex digits only
  • adopts the changes from eduPerson(201602) v4.1.0 to eduPerson(202208) v4.4.0
  • update eduPersonOrcid example values and reference link
  • deprecate eduPersonTargetedID in favor of pairwise-id
  • correct schacHomeOrganizationType example value urn:schac:homeOrganizationType:eu:educationalInstitution. It was corrected in the SCHAC URN registry in April 2018.
  • the code lists for the attributes swissEduPersonBranch*, swissEduPersonStudyLevel and swissEduPersonStaffCategory are now online in .csv files, referenced from the attribute pages. The changes to the code lists are documented in code_list_changes.txt.

Changes in version 1.6 (2017-04-11)

  • list of attributes sorted by origin (PDF version only)
  • more consistent format for the attribute descriptions
  • swissEduPersonUniqueID: recommends to use only alphanumeric characters for the local part for compatibility with eduPersonUniqueId
  • swissLibraryPersonAffiliation: sets friendly name to 'Library Patron Affiliation'
  • swissLibraryPersonResidence: corrects the vocabulary to ISO 3166-1, sets friendly name to 'Library Patron Residence'
  • adopts the changes from eduPerson(201310) to eduPerson(201602)
  • eduPersonAssurance: renames the friendly name from 'Assurance level' to 'Assurance profile'
  • eduPersonNickname: corrects the '# of values' from 'single' to 'multi'
  • adds attributes: eduPersonOrcid, isMemberOf, ou, schacHomeOrganization, schacHomeOrganizationType
  • postalAddress, homePostalAddress: updates the examples to current recommomendations (no ISO country codes)
  • preferredLanguage: corrects the syntax from 'Integer {1}' to 'Directory String' and fixes the examples where the region codes were in lower case

Changes in version 1.5.0 (2015-09-01)

  • dropped the 'Usage' from all attribute descriptions
  • new attributes: swissLibraryPersonAffiliation, swissLibraryPersonResidence, eduPersonUniqueId, swissEduID
  • adopts the changes from eduPerson(201203) to eduPerson(201310)

Changes in version 1.4.2 (2012-10-25)

  • Updated Notes and Semantics according the changes from eduPerson(200806) to eduPerson(201203)

Changes in version 1.4.1 (2012-07-26)

  • Corrected the links to the cvs files in Appendix B and updated the example values for study branch 2 and 3

Changes in version 1.4 (2011-01-05)

  • Added new values tertiaryb and uppersecondary in swissEduPersonHomeOrganizationType attribute.

Changes in version 1.3 (2010-06-23)

Modified Document Title
"Attribute Specification" (used to be "AAI Attribute Specification")
Implementation Status on website
Added new chapter "Implementing the Attribute Specification" and removed implementation status from attribute definitions, now having the master information on the website for the implementation status.
New swissEduPerson Attribute
New swissEduPerson attribute added: swissEduPersonCardUID ("Card UID")
Alignment with eduPerson Specification
  • Added complete set of attributes from eduPerson specification to this document: (eduPersonTargetedID, eduPersonPrincipalName, eduPersonNickname, eduPersonScopedAffiliation, eduPersonPrimaryAffiliation, eduPersonPrimaryOrgUnitDN, eduPersonAssurance).
  • Added new value library-walk-in in eduPersonAffiliation attribute.
Layout
New layout of the document.

Changes in version 1.2 (2007-09-05)

Modified Document Title
To better reflect the purpose of this attribute specification, the title was changed from Authorization Attribute Specification to AAI Attribute Specification.
The attributes defined are used in the context of AAI and get transported via AAI from the Identity Provider to the Service Provider. There, they may be used for authorization purposes, but also beyond.
New Introduction
The newly written Introduction chapter refers to privacy and data protection considerations each person getting in touch with AAI attributes should take into account.
New Attribute 'User ID'
  • It provides a unique identifier for a person, like the swissEduPersonUniqueID. However, User ID is generally an ID used for authentication (login) within the users home organization.
  • For security reasons, the User ID attribute value should not be provided to resources outside the issuing home organization.
New Attribute 'Matriculation number'
It is a unique number assigned to each student when he/she matriculates the first time to a Swiss University or University of Applied Sciences.
New Attribute 'Employee number'
  • It identifies an employee within an organization, similar to the matriculation number for students.
  • For security reasons, the Employee number attribute value should not be provided to resources outside the issuing home organization, since it might be part of the credentials used for authentication (login).
'E-mail' mandatory to implement at IdP
It is now mandatory to implement this attribute at an Identity Provider participating in SWITCHaai. Before it was recommended only, but all existing IdPs have already implemented it.
'Unique ID': maximum length increased to 255 characters
The maximum length allowed for Unique ID was increased to 255 characters. That allows to use UUIDs (Universally Unique Identifier) as local part of such values.
UAS study branches updated and study levels added
For Universities of Applied Sciences (UAS), the list of study branch codes was updated and additional study levels were added. This follows the definitions provided by the SIUS/SHIS of the Federal Statistical Office.