2021-05-24 13:33 eduPerson attributes in the Attribute Dictionary
eduPersonAffiliation
Specifies the person’s relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.
plural: Affiliations
type: string (closed enumeration: faculty, student, staff, alum, member, affiliate, employee, library-walk-in)
eduPersonAssurance
Set of URIs that assert compliance with specific standards for identity assurance.
plural: eduPersonAssurances
type: string
eduPersonEntitlement
URI (either URN or URL) that indicates a set of rights to specific resources.
plural: Entitlements
type: string
eduPersonNickname
Person’s nickname, or the informal name by which they are accustomed to be hailed.
plural: Nicknames
type: string
eduPersonOrcid
ORCID iDs are persistent digital identifiers for individual researchers. ORCID iDs are assigned, managed and maintained by the ORCID organization.
plural: Orcids
type: string
eduPersonOrgDN
The distinguished name (DN) of the directory entry representing the institution with which the person is associated (Note: eduPerson defines as single-valued)
plural: OrgDNs
type: DN
eduPersonOrgUnitDN
The distinguished name(s) (DN) of the directory entries representing the person’s Organizational Unit(s).
plural: OrgUnitDNs
type: DN
eduPersonPrimaryAffiliation
Specifies the person’s primary relationship(s) to the institution in broad categories such as student, faculty, staff, alum, etc.
type: string (closed enumeration: faculty, student, staff, alum, member, affiliate, employee, library-walk-in)
eduPersonPrimaryOrgUnitDN
The distinguished name (DN) of the directory entries representing the person’s primary Organizational Unit(s).
type: DN
eduPersonPrincipalName
A scoped identifier for a person. It should be represented in the form "user@scope" where 'user' is a name-based identifier for the person and where the "scope" portion MUST be the administrative domain of the identity system where the identifier was created and assigned.
type: string
eduPersonPrincipalNamePrior
Each value of this multi-valued attribute represents an ePPN (eduPersonPrincipalName) value that was previously associated with the entry. The values MUST NOT include the currently valid ePPN value. There is no implied or assumed order to the values.
plural: PrincipalNamesPrior
type: string
eduPersonScopedAffiliation
Specifies the person’s affiliation within a particular security domain in broad categories. The values consist of a left and right component separated by an "@" sign. The left component is one of the values from the eduPersonAffiliation closed enumeration.This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName. The "scope" portion MUST be the administrative domain to which the affiliation applies.
plural: ScopedAffiliations
type: string
eduPersonTargetedID
|
Note
|
eduPersonTargetedID is DEPRECATED and will be marked as obsolete in a future version of this specification. |
Its equivalent definition in SAML 2.0 has been replaced by a new specification for standard Subject Identifier attributes [https://docs.oasis-open.org/security/saml-subject-id-attr/v1.0/saml-subject-id-attr-v1.0.html], one of which ("urn:oasis:names:tc:SAML:attribute:pairwise-id") is a direct replacement for this identifier with a simpler syntax and safer comparison rules. Existing use of this attribute in SAML 1.1 or SAML 2.0 should be phased out in favor of the new Subject Identifier attributes."
type: string
eduPersonUniqueId
A long-lived, non re-assignable, omnidirectional identifier suitable for use as a principal identifier by authentication providers or as a unique external key by applications.
type: string