Within the interface specifications, a number of generic SAML, XACML and specific Elektronische Toegangsdiensten attributes are defined. These form our "profile".

  • Generic attribute elements
    • EntityID: All systems in the network are identified by a unique EntityID, which is specified in the SAML metadata.
    • Level of assurance: Elektronische Toegangsdiensten distinguishes five different levels of assurance.
    • LinkedDeclarationSignatureValue
    • OIN format: The OIN format is used to indicate participants, service providers and specific types of service consumers and intermediaries. OIN stands for Organization Identifying Number.
    • Pseudonyms: A user may be referred to as follows:
      • Encrypted Pseudonym: An Encrypted Pseudonym is a Persistent Pseudonym encrypted under Polymorphic Pseudonimization for a specific recipient.
      • Internal pseudonym: The internal pseudonym is determined by the AD and MUST be unique within the AD's context. Every time the same authentication token is used, it should return the same internal pseudonym. When requested by the user, a new pseudonym MAY always be ignored. An internal pseudonym that has been used MUST NOT be reused. The only exception is when an authentication token is replaced and the AD can determine with sufficient certainty that it is really being replaced. In this case, the same internal pse
      • Persistent Pseudonym: A Persistent Pseudonym is a pseudonym identifier for a natural person, specific to the relying party, that is persistent independent of the Attesting Party.
      • Polymorphic Pseudonym: A Polymorphic Pseudonym is a cryptographic structure that can be transformed into a specific Encrypted Pseudonym without disclosing the relevant subject, due to Polymorphic Pseudonimization.
      • Specific pseudonym: The specific pseudonym is unique for each different combination of user, represented service consumer, intermediary and service provider.
    • ServiceID: ServiceID is an identifier of a service that is unique in the context of the service provider.
    • ServiceUUID: ServiceUUID is an identifier of a service that is unique in the context of the network, but not linked to one service provider.
  • SAML attribute elements: This section describes the data elements that occur in messages as SAML Attribute elements.
    • ActingSubjectID: A SAML Attribute element with one or more identities of the user for one or more Relying Parties.
    • AuthorizationRegistryID: A SAML Attribute element with an EntityID from the MR that must be queried in use case GUC4 Aantonen bevoegdheid (demonstrating authorization).
    • EherkenningPreferredLanguage: A URL or POST variable containing the language preference of the user.
    • EntityConcernedID (SAML): A SAML Attribute element with the identifying attribute of the service consumer that is represented by the user (who might be the same).
    • IntendedAudience: A SAML Attribute element with an EntityID from the DV that will be the recipient of the response.
    • Representation: A SAML Attribute element with an indication of whether representation is involved.
    • ServiceID (SAML): A SAML Attribute element with the ServiceID of the service for which access is being requested or for which authorization has been determined.
    • ServiceUUID (SAML): A SAML Attribute element with the ServiceUUID of the service for which access is being requested or for which authorization has been determined.
  • XACML attribute elements: This chapter describes all of the XACML data elements defined for Elektronische Toegangsdiensten.
    • ActingEntityID: A XACML Attribute element containing the specific pseudonym of the user.
    • ActingSubjectID (XACML)
    • Action-ID: A XACML Attribute element containing the action ID.
    • AssertionConsumerServiceIndex: A XACML Attribute element, based on the SAML attribute with the same name, containing the value that MUST match an index of the AssertionConsumerService in the metadata of the Herkenningsmakelaar.
    • Assertions
    • EncryptedAttribute: An encrypted additional attribute whereby each encrypted attribute is assigned a unique Encrypted_DATA_ID that is the same as the name of the attribute in the Attribute catalog.
    • IntermediateSubjectID *new RFC2362
    • LegalSubjectID
    • LevelOfAssurance: A XACML Attribute element containing the minimum level of assurance that is required by the service provider.
    • LevelOfAssuranceUsed: A XACML Attribute element containing the level of assurance of the registered authorization.
    • ServiceID (XACML): An optional XACML Attribute element that matches the SAML attribute described in ServiceID (SAML).
    • ServiceUUID (XACML): An optional XACML Attribute element that matches the SAML attribute described in ServiceUUID (SAML).