...

Organization type

urn:mace

urn:mace:terena.org:attribute-def:schacHomeOrganizationType

urn:oid

urn:oid:1.3.6.1.4.1.25178.1.2.10

Multiplicity

single-value

Data type

RFC-2141 URN (see Schac standard)

Description

Type of organisation, as defined by Terena on http://www.terena.org/registry/terena.org/schac/homeOrganizationType.

Examples

urn:mace:terena.org:schac:homeOrganizationType:int:university
urn:mace:terena.org:schac:homeOrganizationType:es:opi

Notes

Attribute values are registered by Terena on http://www.terena.org/registry/terena.org/schac/homeOrganizationType

In practice, this attribute is hardly used by IdPs or SPs; contact support@surfconext.nl if you would like to use it.

Employee

...

/student number

urn:mace

urn:schac:attribute-def:schacPersonalUniqueCode

urn:oid

urn:oid:1.3.6.1.4.1.25178.1.2.14

Multiplicity

multi-value

Data type

RFC-2141 URN (see SURFnet registry).

Description

The user's student, employee, and/or member id as used in the university's internal systems.

Examples

urn:schac:personalUniqueCode:nl:local:example.edu:employeeid:x12-3456
urn:schac:personalUniqueCode:nl:local:example.nl:studentid:s1234567

Notes

  • Is mainly used to match user accounts of the university's internal systems.
  • Attribute values are registered by SURFnet on https://wiki.surfnet.nl/x/xoTdAg.
  • Contact support@surfconext.nl if you want to use this attribute as an SP, or if you would like to provide it as an IdP.

Affiliation

urn:mace

urn:mace:dir:attribute-def:eduPersonAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Multiplicity

multi-valued

Data type

UTF8 String (only the values enumerated below are allowed).

Description

Relationship between the user and his home organisation (institution). The following values are permitted within SURFconext:

  • student — A person enrolled at an institution, an external student or course participant
  • employee — A person with a position at or labour agreement with an institution
  • staff — All academic staff (in Dutch: wetenschappelijk personeel, or WP) and teachers
  • member — Anyone that holds at least one of the above affiliations is also a member

The following value(s) are allowed, but not (yet) used by any services:

  • affiliate — A person who is authorised by the Institution, pursuant to the licence model concluded by the Institution, to use the Service

Use the above mentioned definitions to determine which affiliation a user gets. If the definitions are not sufficient, please use common sense.

Examples

see above

Notes

  • Users with the affiliation student, employee, or staff should also have the value member.
  • Identity Providers might internally use additional values for the affiliation attribute, such as alum. Per SURFconext policy, the IdP may not allow such users to access SURFconext.
  • Other values mentioned in the eduPerson specification, like faculty and library-walk-in, are not allowed within SURFconext.
  • According to the eduPerson specification, the values of this attribute are case insensitive; for interoperability reasons however, we require only lower-case values as specified above in SURFconext.

Scoped Affiliation

urn:mace

urn:mace:dir:attribute-def:eduPersonScopedAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.9 

Multiplicity

multi-valued

Data type

UTF8 String of the form affiliation@subdomain (see below).

Description

Indicates the relationship between the user and a specific (security) domain within his home organisation. In this way, the relationship between a user and his organisation can be specified in a fine-grained way. For example, it can specify that a user is a student in the Physics department, or a secretary working in a specific department within a faculty.

The value consists of an affiliation-part and a domain-part, i.e. <affiliation>@<sub.domain.nl>.

The affiliation-part must be one of the values allowed for Affiliation (see above). At the moment, these are:

  • student — A person enrolled at an institution, an external student or course participant
  • employee — A person with a position at or labour agreement with an institution
  • staff — All academic staff (in Dutch: wetenschappelijk personeel, or WP) and teachers
  • member — Anyone that holds at least one of the above affiliations is also a member

The following value(s) are allowed, but not (yet) used by any services:

  • affiliate — A person who is authorised by the Institution, pursuant to the licence model concluded by the Institution, to use the Service.

The domain-part must be a subdomain of the user's schacHomeOrganization. This subdomain does not necessarily need to exist in DNS. For example, if schacHomeOrganization = uniharderwijk.nl, the domain-part could be science.uniharderwijk.nl or physics.science.uniharderwijk.nl.

Examples

student@physics.uniharderwijk.nl
employee@facilities.uniharderwijk.nl

Notes

  • Can be used to express the faculty, field of study, department, etc. to which a user is affiliated.
  • The attribute is multivalued: a user can be a student in a certain field and at the same time an employee of a certain department of the university.
  • There is no common register or policy of which subdomains are valid or express a certain concept. For example, staff@cs.uniharderwijk.nl might indicate the user is a staff member of the computer science department of the University of Harderwijk, while staff@cs.surfnet.nl might indicate an employee of the community support department of SURFnet. Therefore, if you are an SP and would like to use this attribute, you always need to confer with the university if you need to interpret these values.
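
An SP-side check of the Affiliation and Scoped Affiliation rules described above, as an added example that is not part of the SURFconext documentation. The function names are hypothetical, and "subdomain" is read strictly here, so the bare schacHomeOrganization is rejected as a domain-part.

```python
# Added example: validate released affiliation attributes before using them
# for authorization. Names are hypothetical; sample values are constructed.
ALLOWED = {"student", "employee", "staff", "member", "affiliate"}
IMPLIES_MEMBER = {"student", "employee", "staff"}


def affiliation_problem(value):
    """Return None if value is a permitted affiliation, else the reason it is not."""
    if value in ALLOWED:
        return None
    if value.lower() in ALLOWED:
        return "must be lower-case"
    return "not a permitted affiliation"


def check_affiliations(values):
    """Problems in a multi-valued eduPersonAffiliation attribute."""
    problems = [f"{v}: {p}" for v in values if (p := affiliation_problem(v))]
    if IMPLIES_MEMBER & set(values) and "member" not in values:
        problems.append("member: missing although student/employee/staff is present")
    return problems


def check_scoped(value, home_org):
    """Problems in one eduPersonScopedAffiliation value, given schacHomeOrganization."""
    affiliation, sep, domain = value.partition("@")
    if not sep or not domain or "@" in domain:
        return [f"{value}: not of the form affiliation@sub.domain"]
    problems = []
    if (p := affiliation_problem(affiliation)):
        problems.append(f"{value}: affiliation-part {p}")
    # Match on a label boundary: a plain endswith(home_org) would also accept
    # look-alike domains such as 'notuniharderwijk.nl'.
    suffix = "." + home_org.lower()
    dom = domain.lower()
    labels = dom[: -len(suffix)].split(".") if dom.endswith(suffix) else [""]
    if not all(labels):
        problems.append(f"{value}: domain-part is not a subdomain of {home_org}")
    return problems


if __name__ == "__main__":
    home = "uniharderwijk.nl"  # schacHomeOrganization from the page's example
    print(check_affiliations(["student"]))
    for v in ["student@physics.uniharderwijk.nl", "staff@notuniharderwijk.nl",
              "faculty@science.uniharderwijk.nl"]:
        print(v, check_scoped(v, home))
```

A value that passes these checks is well-formed only; what a given subdomain means still has to be agreed with the institution, as the last note says.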

...

Entitlement

urn:mace

urn:mace:dir:attribute-def:eduPersonEntitlement

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.7

Multiplicity

multi-value

Data type

RFC-2141 URN

Description

Entitlement: a custom URI (URL or URN) that indicates an entitlement to something.

Examples

urn:mace:terena.org:tcs:personal-admin
urn:x-surfnet:surfdomeinen.nl:role:dnsadmin

Notes

  • This attribute can be used to communicate entitlements, roles, etc, from identity providers to services, which can be used, for example, for authorization.
  • The values of this attribute are scoped to the identity provider that is authoritative for the attribute. 
  • Formatting rules apply: see the SURFconext entitlement namespacing policy.

...