From 9accfa67bb0b43344ee25b2cd15f5fc0b2048061 Mon Sep 17 00:00:00 2001
From: Johan Lundberg
Date: Thu, 1 Dec 2022 16:21:14 +0100
Subject: update Swamid entity categories config new config option NO_AGGREGATION
---
 src/saml2/entity_category/swamid.py | 60 ++++++++++++++++++++++++++++++++-----
 1 file changed, 53 insertions(+), 7 deletions(-)
diff --git a/src/saml2/entity_category/swamid.py b/src/saml2/entity_category/swamid.py
index 6fc1a007..ecbd01c5 100644
--- a/src/saml2/entity_category/swamid.py
+++ b/src/saml2/entity_category/swamid.py
@@ -30,14 +30,16 @@ R_AND_S = [
 ]
 
 GEANT_COCO = [
+ "pairwise-id",
+ "subject-id",
 "eduPersonTargetedID",
 "eduPersonPrincipalName",
- "eduPersonUniqueID",
 "eduPersonOrcid",
 "norEduPersonNIN",
 "personalIdentityNumber",
 "schacDateOfBirth",
 "mail",
+ "mailLocalAddress",
 "displayName",
 "cn",
 "givenName",
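Review bot: The edits to `GEANT_COCO` (adding `pairwise-id`, `subject-id` and `mailLocalAddress`, dropping `eduPersonUniqueID`) change which attributes an IdP may release to Code of Conduct SPs, but nothing visible says which policy revision the list now follows. A comment above the list, for example `# attribute set per <SWAMID policy document and revision>`, would let an operator audit the release set against the federation policy. SPs that request `eduPersonUniqueID` under this category would presumably stop receiving it, which is worth stating in the commit message or changelog. The list starts before and continues past this hunk, so the rest of the set is not visible here.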
@@ -53,16 +55,46 @@ GEANT_COCO = [
 "schacHomeOrganizationType",
 ]
 
+REFEDS_COCO = GEANT_COCO # for now these two are identical
+
 MYACADEMICID_ESI = ["schacPersonalUniqueCode"]
 
+REFEDS_PERSONALIZED_ACCESS = [
+ "subject-id",
+ "mail",
+ "displayName",
+ "givenName",
+ "sn",
+ "eduPersonScopedAffiliation",
+ "eduPersonAssurance",
+ "schacHomeOrganization",
+]
+
+REFEDS_PSEUDONYMOUS_ACCESS = [
+ "pairwise-id",
+ "eduPersonScopedAffiliation",
+ "eduPersonAssurance",
+ "schacHomeOrganization",
+]
+
+REFEDS_ANONYMOUS_ACCESS = [
+ "eduPersonScopedAffiliation",
+ "schacHomeOrganization",
+]
+
+
 # These give you access to information
 RESEARCH_AND_EDUCATION = "http://www.swamid.se/category/research-and-education" # Deprecated from 2021-03-31
 SFS_1993_1153 = "http://www.swamid.se/category/sfs-1993-1153" # Deprecated from 2021-03-31
 RESEARCH_AND_SCHOLARSHIP = "http://refeds.org/category/research-and-scholarship"
-COCO = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
+COCOv1 = "http://www.geant.net/uri/dataprotection-code-of-conduct/v1"
+COCOv2 = "https://refeds.org/category/code-of-conduct/v2"
 ESI = "https://myacademicid.org/entity-categories/esi"
+PERSONALIZED = "https://refeds.org/category/personalized"
+PSEUDONYMOUS = "https://refeds.org/category/pseudonymous"
+ANONYMOUS = "https://refeds.org/category/anonymous"
 
-# presently these don't by themself
+# presently these don't by themselves
 EU = "http://www.swamid.se/category/eu-adequate-protection" # Deprecated from 2021-03-31
 NREN = "http://www.swamid.se/category/nren-service" # Deprecated from 2021-03-31
 HEI = "http://www.swamid.se/category/hei-service" # Deprecated from 2021-03-31
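Review bot: `REFEDS_COCO = GEANT_COCO` binds both names to the same list object, so an in-place change to one (a deployment appending an attribute to the v1 list, for instance) silently changes the release set of the other category as well. Copying keeps the two policies independent while they are still equal: `REFEDS_COCO = list(GEANT_COCO)  # identical for now, kept as a separate list`. Separately, renaming `COCO` to `COCOv1` removes a module-level name that code outside this file may import. Keeping `COCO = COCOv1  # deprecated alias` would avoid an ImportError for such callers.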
@@ -74,12 +106,26 @@ RELEASE = {
 (RESEARCH_AND_EDUCATION, NREN): NAME + STATIC_ORG_INFO + OTHER,
 (RESEARCH_AND_EDUCATION, HEI): NAME + STATIC_ORG_INFO + OTHER,
 RESEARCH_AND_SCHOLARSHIP: R_AND_S,
- COCO: GEANT_COCO,
+ COCOv1: GEANT_COCO,
+ COCOv2: REFEDS_COCO,
 ESI: MYACADEMICID_ESI,
- (ESI, COCO): MYACADEMICID_ESI + GEANT_COCO,
+ (ESI, COCOv1): MYACADEMICID_ESI + GEANT_COCO,
+ (ESI, COCOv2): MYACADEMICID_ESI + REFEDS_COCO,
+ # order is important for no aggregation categories as the last one wins if more than one is found
+ PERSONALIZED: REFEDS_PERSONALIZED_ACCESS,
+ PSEUDONYMOUS: REFEDS_PSEUDONYMOUS_ACCESS,
+ ANONYMOUS: REFEDS_ANONYMOUS_ACCESS,
 }
 
 ONLY_REQUIRED = {
- COCO: True,
- (ESI, COCO): True,
+ COCOv1: True,
+ COCOv2: True,
+ (ESI, COCOv1): True,
+ (ESI, COCOv2): True,
+}
+
+NO_AGGREGATION = {
+ PERSONALIZED: True,
+ PSEUDONYMOUS: True,
+ ANONYMOUS: True,
 }
-- cgit v1.2.1
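Review bot: The precedence between `PERSONALIZED`, `PSEUDONYMOUS` and `ANONYMOUS` is carried only by their key order in `RELEASE`, and the comment says the last one wins without saying why this order was chosen. As written the order runs from the largest attribute set to the smallest, so an SP declaring several of these categories would apparently end up with the smallest set; the code that reads `NO_AGGREGATION` is outside this diff, so that reading should be confirmed. I would spell the intent out, e.g. `# ordered from most to least attributes: the last matching category wins, so the most restrictive set is released`, and add a short comment on `NO_AGGREGATION` saying how the consumer treats its entries. A regression test with an SP that declares two of the three categories would keep a later reorder of the dict from widening attribute release unnoticed.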