...
See User identifiers.
Surname
urn:mace | urn:mace:dir:attribute-def:sn |
urn:oid | urn:oid:2.5.4.4 |
Multiplicity | single-valued |
Data type | UTF8 string (unbounded) |
Description | The surname of a person (including any words such as “van”, “de”, “von” etc.) used for personalisation; this can be a combination of existing attributes. |
Examples | Vermeegen 孝慈 |
Notes |
|
Given name
urn:mace | urn:mace:dir:attribute-def:givenName |
urn:oid | urn:oid:2.5.4.42 |
Multiplicity | single-valued |
Data type | UTF8 string (unbounded) |
Description | Given name / “name known by”; combinations of title, initials, and “name known by” are possible. |
Examples | Jan Klaassen |
Notes |
|
Common name
urn:mace | urn:mace:dir:attribute-def:cn |
urn:oid | urn:oid:2.5.4.3 |
Multiplicity | multi-valued |
Data type | UTF8 string (unbounded) |
Description | Full name. |
Examples | Prof.dr. Mërgim Lukáš Vermeegen 加来 千代, PhD. |
Notes | For example, a typical name of a person in an English-speaking country comprises a personal title (e.g. Mr., Ms., Rd, Professor, Sir, Lord), a first name, middle name(s), last name, generation qualifier (if any, e.g. Jr.) and decorations and awards (if any, e.g. CBE). |
Display name
urn:mace | urn:mace:dir:attribute-def:displayName |
urn:oid | urn:oid:2.16.840.1.113730.3.1.241 |
Multiplicity | single-valued |
Data type | UTF8 string (unbounded) |
Description | Name as displayed in applications |
Examples | Prof.dr. Mërgim Lukáš Vermeegen 加来 千代, PhD. |
Notes |
|
Email address
urn:mace | urn:mace:dir:attribute-def:mail |
urn:oid | urn:oid:0.9.2342.19200300.100.1.3 |
Multiplicity | multi-valued |
Data type | RFC-5322 address (max 256 chars) |
Description | e-mail address; syntax in accordance with RFC 5322 |
Examples | m.l.vermeegen@university.example.org "very.unusual.@.unusual.com"@example.com mlv@[IPv6:2001:db8::1234:4321] |
Notes |
|
uid
urn:mace | urn:mace:dir:attribute-def:uid |
urn:oid | urn:oid:0.9.2342.19200300.100.1.1 |
Multiplicity | multi-valued |
Data type | UTF8 String (max 256 chars); use of spaces and @ -characters is discouraged. |
Description | The unique code for a person that is used as the login name within the institution. |
Examples | s9603145 |
Notes |
|
Home organisation
urn:mace | urn:mace:terena.org:attribute-def:schacHomeOrganization |
urn:oid | urn:oid:1.3.6.1.4.1.25178.1.2.9 |
Multiplicity | single-valued |
Data type | RFC-1035 domain string. The domain MUST be a secondary-level domain that is under control by the institution. Preferably, the institution's main domain name should be used. |
Description | The user's organisation using the organisation’s domain name; syntax in accordance with RFC 1035. |
Examples | uniharderwijk.nl |
Notes |
|
Organization type
urn:mace | urn:mace:terena.org:attribute-def:schacHomeOrganizationType |
urn:oid | urn:oid:1.3.6.1.4.1.25178.1.2.10 |
Multiplicity | single-value |
Data type | RFC-2141 URN (see Schac standard) |
Description | designation of the type of organisation as defined on http://www.terena.org/registry/terena.org/schac/homeOrganizationType |
Examples | urn:mace:terena.org:schac:homeOrganizationType:int:university urn:mace:terena.org:schac:homeOrganizationType:es:opi |
Notes |
|
Employee-student number
urn:schac:attribute-def:schacPersonalUniqueCode | |
urn:oid:1.3.6.1.4.1.25178.1.2.14 | |
Multiplicity | multi-value |
Data type | RFC-2141 URN (see SURFnet registry) |
Description | The user's student, employee, and/or member id as used in the university's internal systems |
Examples | urn:schac:personalUniqueCode:nl:local:example.edu:employeeid:x12-3456 urn:schac:personalUniqueCode:nl:local:example.nl:studentid:s1234567 |
Notes |
|
Affiliation
urn:mace | urn:mace:dir:attribute-def:eduPersonAffiliation |
urn:oid | urn:oid:1.3.6.1.4.1.5923.1.1.1.1 |
Multiplicity | multi-valued |
Data type | UTF8 String (only the values enumerated below are allowed) |
Description | Indicates the relationship between the user and his home organisation. The following values are permitted:
|
Examples | see above |
Notes |
|
Scoped Affiliation
urn:mace:dir:attribute-def:eduPersonScopedAffiliation | |
urn:oid:1.3.6.1.4.1.1466.115.121.1.15 | |
Multiplicity | multi-valued |
Data type | UTF8 String of the form affiliation@subdomain (see below) |
Description | Indicates the relationship between the user and a specific (security) domain with his home organisation. The values consist of an affiliation and a security domain, concatenated with a @-sign, i.e. The
The domain-part of this attribute must be subdomain of the user's schacHomeOrganization. This subdomain does not necessarily need to exist in DNS. For example, if the user's institution uses the schacHomeOrganization |
Examples | see above |
Notes |
|
Entitlements
urn:mace | urn:mace:dir:attribute-def:eduPersonEntitlement |
urn:oid | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 |
Multiplicity | multi-value |
Data type | RFC-2141 URN |
Description | entitlement; custom URI (URL or URN) that indicates an entitlement to something. |
Examples |
|
Notes |
|
Principal name
urn:mace | urn:mace:dir:attribute-def:eduPersonPrincipalName |
urn:oid | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 |
Multiplicity | single-valued |
Data type | UTF8 String of the form user@domain . The domain MUST be equal to or a be a subdomain of the scacHomeOrganization. |
Description | Unique identifier for a user. |
Examples | piet.jønsen@example.edu not.a@vålîd.émail.addreß |
Notes |
|
isMemberOf
urn:mace | urn:mace:dir:attribute-def:isMemberOf |
urn:oid | urn:oid:1.3.6.1.4.1.5923.1.5.1.1 |
Multiplicity | multi-valued |
Data type | RFC-2141 URN |
Description | Lists the collaborative organisations the user is a member of. |
Examples | urn:collab:org:surf.nl |
Notes |
|
Preferred Language
urn:mace | urn:mace:dir:attribute-def:preferredLanguage |
urn:oid | urn:oid:2.16.840.1.113730.3.1.39 |
Multiplicity | single-valued |
Data type | RFC2798 BCP47 |
Description | a two-letter abbreviation for the preferred language according to the ISO 639 language abbreviation code table; no subcodes. |
Examples | nl |
Notes | Used to indicate an individual's preferred written or spoken language. This is useful for international correspondence or human-computer interaction. Values for this attribute type MUST conform to the definition of the Accept-Language header field defined in RFC 2068 with one exception: ?the value " |
EduPersonTargetedID
urn:mace:dir:attribute-def:eduPersonTargetedID | |
urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | |
Multiplicity | single-valued |
Data type | UTF8 string (unbounded) |
Description | The attribute eduPersonTargetedID is a copy of the Subject -> NameID which is generated by SURFconext itself. When an Identity Provider provides the eduPersonTargetedID itself, it is always overwritten by SURFconext. |
Examples | bd09168cf0c2e675b2def0ade6f50b7d4bb4aae |
Notes | This attribute is created because the Subject -> NameID itself is not part of the SAML v2.0 response and therefore can not be usedonly is available for application if the local SAML implementation explicitly support this. Within SURFconext the Subject -> NameID is explicitly placed in the attribute eduPersonTargetedID, so that you can use itcopied into the |