...

urn:mace

urn:mace:dir:attribute-def:eduPersonScopedAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.9 

Multiplicity

multi-valued

Data type

UTF8 String of the form affiliation@subdomain.

Description

Indicates the relationship between the user and a specific (security) domain within his home organisation in a fine-grained way. For example, it can specify that a user is a student in the Physics department or a secretary working in a specific department. The value consists of an affiliation-part and a domain-part, i.e. <affiliation>@<sub.domain.nl>.

  • The affiliation-part must be one of the values allowed for Affiliation (see above).
  • The domain-part must be a subdomain of the user's schacHomeOrganization. This subdomain does not necessarily need to exist in DNS. E.g. if schacHomeOrganization = uniharderwijk.nl, the domain-part could be science.uniharderwijk.nl or physics.science.uniharderwijk.nl.

Examples

student@physics.uniharderwijk.nl
employee@facilities.uniharderwijk.nl

Notes

  • Can be used to express the faculty, field of study, department, etc. to which a user is affiliated.
  • The attribute can have one or more values: a user can be a student in a certain field and at the same time an employee of a certain department of the university.
  • There is no register of valid subdomains. SPs wanting to use this attribute need to confer with the IdP to interpret the values of Scoped Affiliation.
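
One way a service provider could enforce the two rules from the Description before trusting a received value. This is an added example, not code from the original page or from the federation it describes. Assumptions: the function names are hypothetical, ALLOWED_AFFILIATIONS stands in for the Affiliation list the page refers to as "see above", and "subdomain" is read strictly, so the bare schacHomeOrganization itself is rejected.

```python
import re

# Assumption: stand-in for the page's allowed Affiliation values ("see above"),
# taken from the eduPerson controlled vocabulary.
ALLOWED_AFFILIATIONS = frozenset({
    "faculty", "student", "staff", "alum", "member",
    "affiliate", "employee", "library-walk-in",
})

# One host-name label: letters, digits, hyphens; no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def check_scoped_affiliation(value, home_org, allowed=ALLOWED_AFFILIATIONS):
    """Return (ok, reason) for one eduPersonScopedAffiliation value."""
    if value.count("@") != 1:
        return False, "expected exactly one '@'"
    affiliation, domain = value.split("@")
    if affiliation not in allowed:
        return False, "affiliation-part is not an allowed Affiliation value"
    # Host names compare case-insensitively.
    domain, home = domain.lower(), home_org.lower()
    if not all(_LABEL.fullmatch(label) for label in domain.split(".")):
        return False, "domain-part is not a well-formed host name"
    # Match on a label boundary: a plain suffix test would also accept
    # "eviluniharderwijk.nl" for home organisation "uniharderwijk.nl".
    if not domain.endswith("." + home):
        return False, "domain-part is not a subdomain of schacHomeOrganization"
    return True, "ok"


def filter_scoped_affiliations(values, home_org):
    """Keep only the values of the multi-valued attribute that pass the checks."""
    return [v for v in values if check_scoped_affiliation(v, home_org)[0]]


if __name__ == "__main__":
    # Constructed sample values, not taken from a real assertion.
    received = [
        "student@physics.uniharderwijk.nl",
        "employee@physics.science.uniharderwijk.nl",
        "student@eviluniharderwijk.nl",
        "student@physics.uniharderwijk.nl.example.org",
    ]
    for v in received:
        print(v, check_scoped_affiliation(v, "uniharderwijk.nl"))
```

A value that passes is only correctly scoped; what a given subdomain means still has to be agreed with the IdP, as the last note above says.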

eduPersonEntitlement

urn:mace

urn:mace:dir:attribute-def:eduPersonEntitlement

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.7

Multiplicity

multi-valued

Data type

RFC-2141 URN

Description

Custom URI (URL or URN) indicating an entitlement to something.

Examples

urn:mace:terena.org:tcs:personal-admin
urn:x-surfnet:surfdomeinen.nl:role:dnsadmin

Notes

  • Can be used to communicate entitlements, roles, etc., from identity providers to services, which can use them, for example, for authorization.
  • The values of this attribute are scoped to the identity provider that is authoritative for the attribute. 
  • Formatting rules apply.

...