Page History

urn:mace

urn:mace:dir:attribute-def:sn

urn:oid

urn:oid:2.5.4.4

Multiplicity

single-valued

Description

The surname of a person (including any words such as “van”, “de”, “von” "van", "de", "von" etc.) used for personalisation; this can be a combination of existing attributes.

Notes

urn:mace

urn:mace:dir:attribute-def:givenName

urn:oid

urn:oid:2.5.4.42

Multiplicity

single-valued

Description

Given name / “name "name known by”by"; combinations of title, initials, and “name "name known by” by" are possible.

Jan Klaassen
Mërgim K. Lukáš 
Þrúður

Notes

urn:mace

urn:mace:terena.org:attribute-def:schacHomeOrganization

urn:oid

urn:oid:1.3.6.1.4.1.25178.1.2.9

Multiplicity

single-valued

Description

The user's organisation using the organisation’s organisation's domain name; syntax in accordance with RFC 1035.

uniharderwijk.nl
example.nl 

Notes

•  In the past, SURFconext used to send the home organisation in the attribute urn:oid:1.3.6.1.4.1.1466.115.121.1.15, which was incorrect.  Since 2013, the correct oid urn:oid:1.3.6.1.4.1.25178.1.2.9 is in use.  For reasons of compatibility, the old (wrong) key is also still sent.  It should not be used in new implementations.
• Matching values against this attribute should be case-insensitive, i.e. the values "uniharderwijk.nl" and "UniHarderwijk.nl" should be considered equal.

urn:mace

urn:mace:dir:attribute-def:eduPersonScopedAffiliation

urn:oid

urn:oid:1.3.6.1.4.1.1466.115.121.1.15

Multiplicity

multi-valued

Description

Indicates the relationship between the user and a specific (security) domain with his home organisation.  The values consist of an affiliation and a security domain, concatenated with a @-sign, i.e. <affiliation>@<sub.domain.nl>. In this way, the relationship between a user and his institution can be specified in a fine-grained way. For example, it allows for specification that a user is a student in the Physics department, or a secretary works in a specific department within a faculty.

The affiliation-part must be one of the values allowed for the eduPersonAffiliation attribute (see above). At the moment, these are:

• student — student
• employee — all employees
• staff — academic staff
• member — anyone employed by or studying at the institution

The domain-part of this attribute must be subdomain of the user's schacHomeOrganization. This subdomain does not necessarily need to exist in DNS. For example, if the user's institution university uses the schacHomeOrganization uniharderwijk.nl, valid valued values for the domein domain part of the eduPersonScopedAffiliation would be science.uniharderwijk.nl, physics.science.uniharderwijk.nl, etc.

Notes

• This attribute can be used to express the faculty, field of study, department, etc to which a user is affiliated.
• As this attribute is multivalued, it is easily posible to express that a iuser user is a student in a certain field, and at the same time is employed by a different department of the university
• There is no common register or policy of which subdomains are valid , or which express a certain concept. For example, staff@cs.uniharderwijk.nl might indicate the user is a staff member of the computer science department of the University of Harderwijk, while staff@cs.surfnet.nl might indicate an employee of the community support department of SURFnet. Therefore, if you are an SP and would like to use this attribute, you always need to confer with the university if you need to interpret these values.