Versions Compared

Old Version 127

changes.mady.by.user Teun Fransen

Saved on

compared with

New Version 128

changes.mady.by.user André Klaver

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

urn:mace

urn:mace:terena.org:attribute-def:schacHomeOrganization

urn:oid

urn:oid:1.3.6.1.4.1.25178.1.2.9

Multiplicity

single-valued

Data typeRFC-1035 domain string. The domain MUST be a secondary-level domain that is under control by the institution. Preferably, the institution's main domain name should be used.

Description

The user's organisation organization using the organisation’s organization's domain name; syntax in accordance with RFC 1035.

Examples

uniharderwijk.nl
example.nl 

Notes

  •  In the past, SURFconext used to send the home organisation in the attribute urn:oid:1.3.6.1.4.1.1466.115.121.1.15, which was incorrect.  Since 2013, the correct oid urn:oid:1.3.6.1.4.1.25178.1.2.9 is in use.  For reasons of compatibility, the old (wrong) key is also still sent.  It should not be used in new implementations.
  • Matching values against this attribute should be case-insensitive, i.e. the values "uniharderwijk.nl" and "UniHarderwijk.nl" should be considered equal.
  • It is desirable to have the same value for all your users.
  • SURFconext will store the allowed value for your institution in our configuration so we can check that no illegal values are being sent.

...

urn:mace

urn:mace:dir:attribute-def:eduPersonAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.1.1.1

Multiplicity

multi-valued

Data typeUTF8 String (only the values enumerated below are allowed)

Description

Indicates the relationship between the user and his home organisation (institution). The following values are permitted within SURFconext:

  • student — A person enrolled at an institution, an external student or course participant.
  • employee — A person with a position at or labour agreement with an institution.
  • staffAll academic staff and teachers. (deprecated; do not use in new deployments)
  • faculty — A person whose primary role is teaching or research. (Commonly called WP at Dutch universities. Please note, PhD students are also perfectly allowed to carry this value.)
  • member — Anyone that holds at least one of the above affiliations is also a member.

  • pre-student — A person who has registered to start studying, but is not yet a full student. See this page (Dutch only) for more information about pre-students and the terms and conditions under which such users are allowed access. Pre-students will never be allowed access to service providers without prior consent from the service provider.
  • affiliate — A person who is authorised authorized by the Institution, pursuant to the licence lenience model concluded by the Institution, to use the Service.

Use the above mentioned definitions to determine which affiliation a user gets. If the definitions are not sufficient, please use common sense.

Examplessee above

Notes

  • Any user who has the affiliation student, employee, or faculty, should also have the value member.
  • Identity Providers might internally use additional values for the affiliation attribute, such as alum. Per SURFconext policy, the IdP may not allow such users to access SURFconext.
    Other values mentioned in the eduPerson specification include library-walk-in. This value is not currently used within SURFconext.
  • According to the eduPerson specification, the values of this attribute are case insensitive; for interoperability Interoperability reasons however, we require lower-case values as specified above in SURFconext.
  • The document REFEDS eduPerson(Scoped)Affiliaton usage comparison is useful to determine the usefulness of values in an international context.

...