...

urn:mace

urn:mace:dir:attribute-def:eduPersonScopedAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.9 

Multiplicity

multi-valued

Data type

UTF8 String of the form affiliation@subdomain.

Description

Indicates the relationship between the user and a specific (security) domain within their home organisation in a fine-grained way. For example, it can specify that a user is a student in the Physics department or a secretary working in a specific department. The value consists of an affiliation-part and a domain-part, i.e. <affiliation>@<sub.domain.nl>.

  • The affiliation-part must be one of the values allowed for Affiliation (see above).
  • The domain-part must be a subdomain of the user's schacHomeOrganization. This subdomain does not necessarily need to exist in DNS. E.g. if schacHomeOrganization = uniharderwijk.nl, the domain-part could be science.uniharderwijk.nl or physics.science.uniharderwijk.nl.

Examples

student@physics.uniharderwijk.nl
employee@facilities.uniharderwijk.nl

Notes

  • Can be used to express the faculty, field of study, department, etc. to which a user is affiliated.
  • The attribute is multi-valued: a user can be a student in a certain field and at the same time an employee of a certain department of the university.
  • There is no common register or policy of which subdomains are valid or express a certain concept. For example, staff@cs.uniharderwijk.nl might indicate the user is a staff member of the computer science department of the University of Harderwijk, while staff@cs.surfnet.nl might indicate an employee of the community support department of SURFnet. Therefore, SPs wanting to use this attribute always need to confer with the university (the IdP) about which subdomains are valid and how the values of Scoped Affiliation should be interpreted.

Entitlement

urn:mace

urn:mace:dir:attribute-def:eduPersonEntitlement

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.7

Multiplicity

multi-valued

Data type

RFC-2141 URN

Description

Custom URI (URL or URN) indicating an entitlement to something.

Examples

urn:mace:terena.org:tcs:personal-admin
urn:x-surfnet:surfdomeinen.nl:role:dnsadmin

Notes

  • Can be used to communicate entitlements, roles, etc. from identity providers to services, for example for authorization.
  • The values of this attribute are scoped to the identity provider that is authoritative for the attribute.
  • Formatting rules apply: See also the SURFconext entitlement namespacing policy.

...

PrincipalName

urn:mace

urn:mace:dir:attribute-def:eduPersonPrincipalName

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.6

Multiplicity

single-valued

Data type

UTF8 String of the form user@domain. The domain MUST be equal to or be a subdomain of the schacHomeOrganization.

Description

Unique identifier for a user.  

Examples

piet.jønsen@example.edu
not.a@vålîd.émail.addreß

Notes

  • Although this value resembles an email address, it MUST NOT be used as an email address. In many cases mail cannot be delivered to this "address".
  • Even though this value uniquely identifies a user, it is not guaranteed that the PrincipalName is persistent over sessions (even though it usually is).
  • Do not use this to uniquely identify users. Use the NameId for this.
  • The allowed domain part for your institution will be stored in the configuration of SURFconext, so it can be checked that no illegal values are being sent.
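The format rules given above for eduPersonScopedAffiliation (affiliation-part from the allowed Affiliation vocabulary, domain-part within the user's schacHomeOrganization) and the same "equal to or a subdomain of schacHomeOrganization" rule for eduPersonPrincipalName can be enforced on the SP side with one small validator. The following is an added example written for this page, not SURFconext's or any IdP's code. It assumes the eduPersonAffiliation vocabulary from the eduPerson specification (the page's Affiliation section is elided here), and the function names, the check_attributes helper and the non-page sample values are the example's own constructions.

```python
# Added example (not SURFconext code): SP-side validation of the scoped
# attributes eduPersonScopedAffiliation and eduPersonPrincipalName against
# the user's schacHomeOrganization.
from typing import Dict, List, Optional, Tuple

# eduPersonAffiliation controlled vocabulary. Assumed from the eduPerson
# specification because the page's Affiliation section is elided here.
ALLOWED_AFFILIATIONS = frozenset({
    "faculty", "student", "staff", "alum", "member",
    "affiliate", "employee", "library-walk-in",
})

ATTR_SCOPED_AFFILIATION = "urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
ATTR_PRINCIPAL_NAME = "urn:mace:dir:attribute-def:eduPersonPrincipalName"


def _labels(domain: str) -> Optional[List[str]]:
    """Split a domain into lower-cased labels; None if any label is empty."""
    labels = domain.lower().rstrip(".").split(".")
    if any(not label for label in labels):
        return None
    return labels


def is_same_or_subdomain(domain: str, parent: str) -> bool:
    """True if domain equals parent or is a subdomain of it.

    Whole labels are compared, so "evil-uniharderwijk.nl" is not accepted for
    parent "uniharderwijk.nl" (a naive endswith() check would accept it).
    No DNS lookup is done: the page says the subdomain need not exist in DNS.
    """
    d, p = _labels(domain), _labels(parent)
    if d is None or p is None:
        return False
    return len(d) >= len(p) and d[-len(p):] == p


def split_scoped(value: str) -> Optional[Tuple[str, str]]:
    """Split "left@scope" into its parts: exactly one '@', no whitespace, both non-empty."""
    if value.count("@") != 1 or any(ch.isspace() for ch in value):
        return None
    left, scope = value.split("@")
    if not left or not scope:
        return None
    return left, scope


def validate_scoped_affiliation(value: str, home_org: str) -> Optional[str]:
    """None if value is a valid eduPersonScopedAffiliation for home_org, else a reason."""
    parts = split_scoped(value)
    if parts is None:
        return "must be of the form affiliation@subdomain"
    affiliation, scope = parts
    if affiliation.lower() not in ALLOWED_AFFILIATIONS:
        return "unknown affiliation %r" % affiliation
    if not is_same_or_subdomain(scope, home_org):
        return "scope %r is not within schacHomeOrganization %r" % (scope, home_org)
    return None


def validate_principal_name(value: str, home_org: str) -> Optional[str]:
    """None if value is a valid eduPersonPrincipalName for home_org, else a reason."""
    parts = split_scoped(value)
    if parts is None:
        return "must be of the form user@domain"
    _user, domain = parts
    if not is_same_or_subdomain(domain, home_org):
        return "domain %r is not within schacHomeOrganization %r" % (domain, home_org)
    return None


def check_attributes(attrs: Dict[str, List[str]], home_org: str) -> Dict[str, List[Tuple[str, str]]]:
    """Validate a received attribute set; returns {attribute: [(value, reason), ...]}
    for every value an SP should refuse to act on. ePPN is single-valued."""
    rejected: Dict[str, List[Tuple[str, str]]] = {}
    for name, validate in ((ATTR_SCOPED_AFFILIATION, validate_scoped_affiliation),
                           (ATTR_PRINCIPAL_NAME, validate_principal_name)):
        for value in attrs.get(name, []):
            reason = validate(value, home_org)
            if reason:
                rejected.setdefault(name, []).append((value, reason))
    eppn = attrs.get(ATTR_PRINCIPAL_NAME, [])
    if len(eppn) > 1:
        rejected.setdefault(ATTR_PRINCIPAL_NAME, []).append(
            (", ".join(eppn), "attribute is single-valued"))
    return rejected


# Constructed sample: the page's two examples plus two values that must be rejected.
SAMPLE_ATTRIBUTES = {
    ATTR_SCOPED_AFFILIATION: [
        "student@physics.uniharderwijk.nl",      # from the page
        "employee@facilities.uniharderwijk.nl",  # from the page
        "staff@uniharderwijk.nl.example",        # constructed: outside the home org
        "ceo@physics.uniharderwijk.nl",          # constructed: not a vocabulary value
    ],
    ATTR_PRINCIPAL_NAME: ["piet@students.uniharderwijk.nl"],  # constructed
}

if __name__ == "__main__":
    for name, rejects in check_attributes(SAMPLE_ATTRIBUTES, "uniharderwijk.nl").items():
        for value, reason in rejects:
            print(f"reject {name}: {value}: {reason}")
```

The label-wise comparison in is_same_or_subdomain is the part worth keeping even if the rest is replaced: a string suffix check accepts a scope such as evil-uniharderwijk.nl as belonging to uniharderwijk.nl, which defeats the purpose of scoping. The schacHomeOrganization the values are checked against should come from the SP's own configuration for that IdP, not from the same assertion.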

isMemberOf

urn:mace

urn:mace:dir:attribute-def:isMemberOf

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.5.1.1

Multiplicity

multi-valued

Data type

RFC-2141 URN

Description

Lists the collaborative organisations the user is a member of.

Examples

urn:collab:org:surf.nl

Notes

  • Attribute values are URIs (URN or URL)
  • The only currently supported value is urn:collab:org:surf.nl, which indicates that the user's home institution is a member of SURFnet. In the future, this can be used to determine membership of non-institutional collaborative organisations.
  • This attribute is generated by SURFconext and is available to SPs; it should not be set by IdPs.

...

urn:mace

urn:mace:dir:attribute-def:uid

urn:oid

urn:oid:0.9.2342.19200300.100.1.1

Multiplicity

multi-valued

Data type

UTF8 string (max 256 chars); use of spaces and @-characters is discouraged.

Description

Unique code for a person, used as the login name within the institution.

Examples

s9603145 
piet 
flåp@example.edu

Notes

  • The uid is not a unique identifier for SURFconext users. Uid values are at most unique for each IdP.
  • Ideally the uid is not only a login name/code but also an identifier that is guaranteed as being unique within the institution over the course of time. At the moment, there is no such guarantee.
  • Use the NameId for unique identifiers in SURFconext rather than uid.
  • Use the eduPersonPrincipalName attribute if a human-readable unique identifier is required.
  • A uid may contain any Unicode character. E.g., "org:surfnet.nl:joe von stühl" is a valid uid.
  • SURFconext translates @-characters in the uid to underscores before constructing the NameID.

...

preferredLanguage

urn:mace

urn:mace:dir:attribute-def:preferredLanguage

urn:oid

urn:oid:2.16.840.1.113730.3.1.39

Multiplicity

single-valued

Data type

RFC 2798 / BCP 47

Description

A two-letter abbreviation for the preferred language according to the ISO 639 language abbreviation code table; no subcodes.

Examples

nl
en

Notes

Used to indicate an individual's preferred written or spoken language. This is useful for international correspondence or human-computer interaction. Values for this attribute type MUST conform to the definition of the Accept-Language header field defined in RFC 2068 with one exception: the sequence "Accept-Language" ":" should be omitted.

...