Versions Compared

Old Version 34

changes.mady.by.user Bas Zoetekouw

Saved on

compared with

New Version 35

changes.mady.by.user Bas Zoetekouw

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

SURFconext supports two atttributes schemas: the urn:oid schema and the urn:mace schema. Both of these can be used to convey the same information (except for the NameId, which is only available in the  urn:oid schema. By default SURFconext will provide attributes in both schemata as part of the assertion.  It is not recommended to mix the use of these schemata, but for legacy reason SURFconext offers both.

Attribute overview

SURFconext supported relaying of the following attributes:

Friendly name

Attribute name

S/M

Definition

Data type

Example

ID

(NameId)
urn:mace:dir:attribute-def:eduPersonTargetedID
urn:oid:1.3.6.1.4.1.5923.1.1.1.10

 

eduPerson

UTF8 string
(unbounded)

bd09168cf0c2e675b2def0ade6f50b7d4bb4aae

Surname

urn:mace:dir:attribute-def:sn
urn:oid:2.5.4.4

 

X.520

UTF8 string
(unbounded)

Vermeegen
?

Given name

urn:mace:dir:attribute-def:givenName
urn:oid:2.5.4.42

 

X.520

UTF8 string
(unbounded)

Mërgim Lukáš
??

Common name

urn:mace:dir:attribute-def:cn
urn:oid:2.5.4.3

 

X.520

UTF8 String
(unbounded)

Prof.dr. Mërgim Lukáš Vermeegen
? ??, PhD.

Display name

urn:mace:dir:attribute-def:displayName
urn:oid:2.16.840.1.113730.3.1.241

 

RFC2798

UTF8 String
(unbounded)

Prof.dr. Mërgim L. Vermeegen
? ??, PhD.

Email address

urn:mace:dir:attribute-def:mail
urn:oid:0.9.2342.19200300.100.1.3

 

RFC4524

RFC-5322 address
(max 256 chars)

m.l.vermeegen@university.example.org
"very.unusual.@.unusual.com"@example.com
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6b1a0f9153192560-49f3f43c-48ce4c76-aa7496a7-631f8207ddca93611c639c8c"><ac:plain-text-body><![CDATA[mlv@[IPv6:2001:db8::1234:4321]

]]></ac:plain-text-body></ac:structured-macro>

Organization

urn:mace:terena.org:attribute-def:schacHomeOrganization
urn:oid:1.3.6.1.4.1.25178.1.2.9

 

Schac

RFC-1035 domain string

university.example.org
 

Organization Type

urn:mace:terena.org:attribute-def:schacHomeOrganizationType
urn:oid:1.3.6.1.4.1.25178.1.2.10

 

Schac

RFC-2141 URN
see Schac standard

urn:mace:terena.org:schac:homeOrganizationType:int:university
urn:mace:terena.org:schac:homeOrganizationType:es:opi

Affiliation

urn:mace:dir:attribute-def:eduPersonAffiliation
urn:oid:1.3.6.1.4.1.5923.1.1.1.1

 

eduPerson

Enum type (UTF8 String)

faculty, student, staff, (alum, member, affiliate, employee, library-walk-in)

Entitlement

urn:mace:dir:attribute-def:eduPersonEntitlement
urn:oid:1.3.6.1.4.1.5923.1.1.1.7

 

eduPerson

RFC-2141 URN
Multi-valued

to be determined per service

PrincipalName

urn:mace:dir:attribute-def:eduPersonPrincipalName
urn:oid:1.3.6.1.4.1.5923.1.1.1.6

 

eduPerson

UTF8 String
user@domain

not.a@vålîd.émail.addreß
??@aninstitutionname

isMemberOf

urn:mace:dir:attribute-def:isMemberOf
urn:oid:1.3.6.1.4.1.5923.1.5.1.1

 

eduMember

RFC-2141 URN
Multi-valued

urn:collab:org:surf.nl
urn:collab:org:clarin.org

uid

urn:mace:dir:attribute-def:uid
urn:oid:0.9.2342.19200300.100.1.1

 

RFC4519

UTF8 String
(max 256 chars)

s9603145
flåp@example.edu

preferredLanguage

urn:mace:dir:attribute-def:preferredLanguage
urn:oid:2.16.840.1.113730.3.1.39

 

RFC2798
BCP47

List of BCP47 language tags

nl
nl, en-gb;q=0.8, en;q=0.7

...

Detailed attribute descriptions

ID

See conextdocumentation:above.

Surname

urn:mace

urn:mace:dir:attribute-def:sn

urn:oid

urn:oid:2.5.4.4

Multiplicity

single-valued

Description

The surname of a person (including any words such as "van", "de", "von" etc.) used for personalisation; this can be a combination of existing attributes.

Notes

 

...

urn:mace

urn:mace:dir:attribute-def:displayName

urn:oid

urn:oid:1.3.6.1.4.1.1466.115.121.1.15

Multiplicity

single-valued

Description

Name as displayed in applications

Notes

 

Email address

  •  This attribute can typically be changed by the end-users themselves, and is therefore not very suitable for identification.

Email address

urn:mace

urn:mace:dir:attribute-def:mail

urn:oid

urn:oid:0.9.2342.19200300.100.1.3

Multiplicity

multi-valued

Description

e-mail address; syntax in accordance with RFC 5322

Notes

  • Multiple email addresses are allowed
  • An email address is not necessarily the email address of this person at the institution.
  • Do not use this attribute to uniquely identify a user.  Use the NameId  instead.
  • A user's email address may change over time, or an IdP may allow a user to change this value themselves. This makes that attribute unsuitable for authentication and authorization purposes.

...

urn:mace

urn:mace:dir:attribute-def:uid

urn:oid

urn:oid:1.3.6.1.4.1.1466.115.121.1.15

Multiplicity

single multi-valued

Description

The unique code for a person that is used as the login name within the institution.

Notes

  • The uid is not a unique identifier for SURFconext users.  Uid values are at most unique for each IdP.
  • Ideally the uid is not only a login name/code but also an identifier that is guaranteed as being unique within the institution over the course of time. At the moment, there is no such guarantee.
  • Use the NameId for unique identifiers in SURFconext rather than uid.
  • Use the eduPersonPrincipalName attribute if a human-readable unique identifier is required
  • A uid may contain any unicode character. E.g., "org:surfnet.nl:joe von stühl" is a valid uid.
  • SURFconext translates @-characters in the uid to underscores.  Yes, this means that uids are not guaranteed to be unique.

...

urn:mace

urn:mace:terena.org:attribute-def:schacHomeOrganization

urn:oid

urn:oid:1.3.6.1.4.1.25178.1.2.9

Multiplicity

single-valued

Description

The user's organisation using the organisation's domain name; syntax in accordance with RFC 1035.

Notes

  •  In the past, SURFconext used to send the home organisation in the attribute urn:oid:1.3.6.1.4.1.1466.115.121.1.15, which was incorrect.  Since 2013, the correct oid urn:oid:1.3.6.1.4.1.25178.1.2.9 is in use.  For reasons of compatibility, the old (wrong) key is also still sent.  It should not be used in new implementations.

Organization type

urn:mace

urn:mace:terena.org:attribute-def:schacHomeOrganizationType

urn:oid

urn:oid:1.3.6.1.4.1.25178.1.2.10

Multiplicity

single-value

Description

designation of the type of organisation as defined on http://www.terena.org/registry/terena.org/schac/homeOrganizationType

Notes

...

urn:mace

urn:mace:dir:attribute-def:isMemberOf

urn:oid

urn:oid:1.3.6.1.4.1.5923.1.5.1.1

Multiplicity

multi-valued

Description

Lists the collaborative organisations the user is a member of.

Notes

  • Attribute values are URIs (URN or URL)
  • Only current supported value is urn:collab:org:surf.nl, which indicated that the user's home institution is a member of SURFnet
  • In the future, this can be used to determine membership of non-institutional collaborative organisations such as CLARIN.

Preferred Language

urn:mace

urn:mace:dir:attribute-def:preferredLanguage

urn:oid

urn:oid:2.16.840.1.113730.3.1.39

Multiplicity

single-valued

Description

a two-letter abbreviation for the preferred language according to the ISO 639 language abbreviation code table; no subcodes.

Notes

Used to indicate an individual's preferred written or spoken language. This is useful for international correspondence or human-computer interaction. Values for this attribute type MUST conform to the definition of the Accept-Language header field defined in RFC 2068 with one exception: ?the value ":" should be omitted. 

...