Versions Compared

Old Version 75

changes.mady.by.user Teun Fransen

Saved on

compared with

New Version 76

changes.mady.by.user Bas Zoetekouw

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

urn:mace

urn:mace:dir:attribute-def:eduPersonAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Multiplicity

multi-valued

Description

Indicates the relationship between the user and his home organisation.  The following values are permitted:

  • student — student
  • employee — all employees
  • staff — academic staff
  • member anyone employed by or studying at the institution

Notes

  • Any user who has the affiliation student, employee, or staff, should also have the value member.
  • Identity providers might internally use additional values for the
affilication
  • affiliation attribute, such as alum or affiliate.  Per SURFconext policy, such users are not allowed access to SURFconext.
(warning) The attribute values are case senitive!
  • According to the eduPerson specification, the values of this attribute are case insensitive; for interoperability reason, however, we require lower-case values as specified above in SURFconext.

Entitlements

urn:mace

urn:mace:dir:attribute-def:eduPersonEntitlement

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.7

Multiplicity

multi-value

Description

entitlement; custom URI (URL or URN) that indicates an entitlement to something.

Notes

  • This attribute can be used to communicate entitlements, roles, etc, from identity providers to services, which can be used, for example, for authorization.
  • The values of this attribute are scoped to the identity provider that is authoritative for the attribute. 
  • Formatting rules apply: See also the SURFconext entitlement namespacing policy.

...