Now available for your normative referencing pleasure:
Young, I., Ed., Johansson, L., and S. Cantor, The Entity Category Security
Assertion Markup Language (SAML) Attribute Types, RFC 8409,
DOI 10.17487/RFC8409, August 2018.
See https://www.rfc-editor.org/info/rfc8409.
This has been cooking for quite a long time: the original discussions about the
need for something like this go back to early 2012, and the initial
specification drafts are from later in that year.
Some very early mail I have from Leif credits
RENATER (the operator of the French research and education identity
federation) with the original idea, but as you can see from the Acknowledgements
section it has definitely been one of those “it takes a village” enterprises.
The technical content hasn’t changed very much in the last five years, but it’s
wonderful to have a stable reference available for the many use cases and
specifications we have already built, and continue to build, on top of the
entity category concept.