Versions Compared

Old Version 113

changes.mady.by.user Raoul Teeuwen

Saved on

compared with

New Version 114

changes.mady.by.user Thijs Kinkhorst

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: faculty erbij, staff deprecated

...

urn:mace

urn:mace:dir:attribute-def:eduPersonAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Multiplicity

multi-valued

Data typeUTF8 String (only the values enumerated below are allowed)

Description

Indicates the relationship between the user and his home organisation (institution). The following values are permitted within SURFconext:

  • student — A person enrolled at an institution, an external student or course participant.
  • employee — A person with a position at or labour agreement with an institution.
  • staff All academic staff and teachers. (in Dutch: wetenschappelijk personeel, or WP) and teachersdeprecated; do not use in new deployments)
  • faculty — Workers whose primary role is teaching or research. (Commonly called WP at Dutch universities.)
  • member — Anyone that holds at least one of the above affiliations is also a member.

  • pre-student — A person who has registered to start studying, but is not yet a full student. See this page (Dutch only) for more information about pre-students and the terms and conditions under which such users are allowed access. Pre-students will never be allowed access to service providers without prior consent from the service provider.
The following value(s) are allowed, but not (yet) used by any services:
  • affiliate — A person who is authorised by the Institution, pursuant to the licence model concluded by the Institution, to use the Service.

Use the above mentioned definitions to determine which affiliation a user gets. If the definitions are not sufficient, please use common sense.

Examplessee above

Notes

  • Any user who has the affiliation student, employee, or staff faculty, should also have the value member.
  • Identity Providers might internally use additional values for the affiliation attribute, such as alum. Per SURFconext policy, the IdP may not allow such users to access SURFconext.
    Other values mentioned in the eduPerson specification include : faculty, library-walk-in. These values are not This value is not currently used within SURFconext.
  • According to the eduPerson specification, the values of this attribute are case insensitive; for interoperability reasons however, we require lower-case values as specified above in SURFconext.
  • The document REFEDS eduPerson(Scoped)Affiliaton usage comparison is useful to determine the usefulness of values in an international context.

Scoped Affiliation

urn:mace

urn:mace:dir:attribute-def:eduPersonScopedAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.9 

Multiplicity

multi-valued

Data typeUTF8 String of the form affiliation@subdomain (see below)

Description

Indicates the relationship between the user and a specific (security) domain with his home organisation.  The values consist of an affiliation and a security domain, concatenated with a @-sign, i.e. <affiliation>@<sub.domain.nl>. In this way, the relationship between a user and his institution can be specified in a fine-grained way. For example, it allows for specification that a user is a student in the Physics department, or a secretary works in a specific department within a faculty.

The affiliation-part must be one of the values allowed for the eduPersonAffiliation attribute (see above). At the moment, these are:

  • student — A person enrolled at an institution, an external student or course participant
  • employee — A person with a position at or labour agreement with an institution
    • staff — All academic staff (in Dutch: wetenschappelijk personeel, or WP) and teachers

  • member — Anyone that holds at least one of the above affiliations is also a member

    • The following value(s) are allowed, but not (yet) used by any services:

    • affiliate — A person who is authorised by the Institution, pursuant to the licence model concluded by the Institution, to use the Service

    The domain-part of this attribute must be subdomain of the user's schacHomeOrganization. This subdomain does not necessarily need to exist in DNS. For example, if the user's university uses the schacHomeOrganization uniharderwijk.nl, valid values for the domain part of the eduPersonScopedAffiliation would be science.uniharderwijk.nl, physics.science.uniharderwijk.nl, etc.

    Examples

    student@physics.uniharderwijk.nl
    employee@facilities.uniharderwijk.nl

    Notes

    • This attribute can be used to express the faculty, field of study, department, etc. to which a user is affiliated.
    • As this attribute is multivalued, it is easily possible to express that a user is a student in a certain field, and at the same time is employed by a different department of the university
    • There is no common register or policy of which subdomains are valid or express a certain concept. For example, staff@csemployee@cs.uniharderwijk.nl might indicate the user is a staff member of the computer science department of the University of Harderwijk, while staff@csemployee@cs.surfnet.nl might indicate an employee of the community support department of SURFnet. Therefore, if you are an SP and would like to use this attribute, you always need to confer with the university if you need to interpret these values.

    ...