EduPerson
General Information [1]
EduPerson is an auxiliary object class for campus directories. Its aim is to facilitate communication among higher education institutes on the basis of a campus directory (an integrated institutional data store, which provides authorized users access to information regardless of where or how the original information is stored). It consists of a set of data elements or attributes about individuals, along with recommendations on the syntax and semantics of the data that may be assigned to those attributes.
Benefits of eduPerson
Many of the eduPerson attributes are intended to support inter-realm applications such as Shibboleth (inter-realm authentication).
Attributes of eduPerson
Two types of attributes:
- Attributes already given in most commercial directory server products (like names, email addresses)
- Attributes newly created to facilitate inter-institutional collaborations and applications
Each attribute has an application utility class, which suggests the class of application for which the attribute is appropriate. Three of these classes are defined as follows:
- Core
- All attributes which provide the minimum useful bits of information about a person in a directory. These attributes are cn: common name, sn: surname and eduPersonOrgDN: the distinguished name of the person's affiliation
- Standard
- An expanded list of attributes that (complemented with the core attributes) are adequate to support a full-featured directory. That class includes attributes useful for role-based access control decisions.
- Extended
- The rest of the defined attributes, which support a larger class of potential applications.
EduPerson Specification (200312) [2]
Attributes newly defined for eduPerson
1. Core
- eduPersonOrgDN
- The distinguished name (DN) of the directory entry representing the organization of a person
2. Standard
- eduPersonOrgUnitDN
- The distinguished name (DN) of the directory entry representing the organizational unit(s) of a person
- eduPersonAffiliation
- The person’s relation(s) to the organization (like student, staff, alum, etc.)
- eduPersonScopedAffiliation
- The person’s relation(s) to the organization (like student, staff, alum, etc.) within a particular security domain
- eduPersonPrimaryAffiliation
- eduPersonPrincipalName
- Used as internal ID
- eduPersonNickname
- The nickname (informal name) of a person
3. Extended
- eduPersonOrgPrimaryUnitDN
- eduPersonEntitlement
- URI that indicates a set of rights to specific resources for a person
- eduPersonTargetedID
- A persistent, privacy-preserving identifier for a principal shared between a pair of coordinating entities
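A relying application that uses these attributes for access decisions can check incoming values before trusting them. The following is an added example, not part of the eduPerson specification or of any project's code: the function name, the `trusted_scope` parameter and the sample entries are assumptions made for illustration, and the affiliation vocabulary is the controlled list from the 200312 specification, which this page only partly quotes.

```python
from urllib.parse import urlparse

# Controlled vocabulary for eduPersonAffiliation in the 200312 specification.
AFFILIATIONS = {"faculty", "student", "staff", "alum", "member", "affiliate", "employee"}

def check_eduperson(attrs, trusted_scope):
    """Return a list of problems in a dict of attribute name -> list of values.

    trusted_scope is the security domain the asserting source is allowed to
    speak for (an assumption of this example, e.g. taken from local policy).
    """
    problems = []
    for value in attrs.get("eduPersonAffiliation", []):
        if value not in AFFILIATIONS:
            problems.append(f"eduPersonAffiliation: unknown value {value!r}")
    primary = attrs.get("eduPersonPrimaryAffiliation", [])
    if len(primary) > 1:
        problems.append("eduPersonPrimaryAffiliation: must be single-valued")
    for value in primary:
        if value not in AFFILIATIONS:
            problems.append(f"eduPersonPrimaryAffiliation: unknown value {value!r}")
    for value in attrs.get("eduPersonScopedAffiliation", []):
        # Expected form: affiliation@security-domain
        affiliation, sep, scope = value.rpartition("@")
        if not sep or affiliation not in AFFILIATIONS:
            problems.append(f"eduPersonScopedAffiliation: malformed value {value!r}")
        elif scope.lower() != trusted_scope.lower():
            problems.append(f"eduPersonScopedAffiliation: scope {scope!r} not allowed")
    for value in attrs.get("eduPersonEntitlement", []):
        # Entitlements are URIs (URL or URN); a bare word is rejected.
        parsed = urlparse(value)
        if not parsed.scheme or not (parsed.netloc or parsed.path):
            problems.append(f"eduPersonEntitlement: not a URI {value!r}")
    return problems

# Constructed sample entries (hypothetical values, not from the page).
SAMPLE_OK = {
    "eduPersonAffiliation": ["student", "member"],
    "eduPersonPrimaryAffiliation": ["student"],
    "eduPersonScopedAffiliation": ["student@example.edu"],
    "eduPersonEntitlement": ["urn:mace:example.edu:entitlement:library"],
}
SAMPLE_BAD = {
    "eduPersonAffiliation": ["root"],
    "eduPersonScopedAffiliation": ["staff@other.example", "student"],
    "eduPersonEntitlement": ["library-access"],
}

if __name__ == "__main__":
    for problem in check_eduperson(SAMPLE_BAD, "example.edu"):
        print(problem)
```

Rejecting a scoped value whose security domain differs from the one the source is trusted for keeps one institution's directory from asserting affiliations on behalf of another.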
Attributes from other standard object classes or definitions
The object classes person and orgPerson are defined in X.521 (2000) and inetOrgPerson in RFC 2798.
1. Core
- cn (common name, required, defined in person)
- The full name of a person
- sn (surname, required, defined in person)
2. Standard
- displayName (defined in inetOrgPerson)
- givenName (defined in inetOrgPerson)
- description (defined in person)
- A description of a person
- o (organizationName, defined in inetOrgPerson)
- ou (organizationalUnitName, defined in inetOrgPerson)
- mail (defined in inetOrgPerson)
- telephoneNumber (defined in person)
- uid (defined in inetOrgPerson)
- Logon name to a computer system of a person
- seeAlso (defined in person)
- Specifies names of other directory persons which may be other aspects of the same real world person
3. Extended
- facsimileTelephoneNumber (defined in orgPerson)
- mobile
- pager (defined in inetOrgPerson)
- postalAddress (defined in orgPerson)
- postalCode (defined in orgPerson)
- postOfficeBox (defined in orgPerson)
- l (localityName, defined in orgPerson)
- e.g. city, country or other geographic region
- st (stateOrProvinceName, defined in orgPerson)
- street (defined in orgPerson)
- homePhone (defined in inetOrgPerson)
- homePostalAddress (defined in inetOrgPerson)
- title (defined in orgPerson)
- initials (defined in inetOrgPerson)
- jpegPhoto (defined in inetOrgPerson)
- preferredLanguage (defined in inetOrgPerson)
- Preferred written or spoken language of a person
- labeledURI (defined in inetOrgPerson)
- Web site of a person
- userPassword (defined in person)
- userCertificate (defined in inetOrgPerson)
- A user's X.509 certificate
- userSMIMECertificate (defined in inetOrgPerson)
- An X.509 certificate specifically for use in S/MIME applications
4. No recommendation
- audio (defined in inetOrgPerson)
- manager (defined in inetOrgPerson)
- The DN of the manager of a person
- uniqueIdentifier
- x500uniqueIdentifier (defined in inetOrgPerson)
References
- [1] http://www.educause.edu/Elements/Attachments/netatedu/pki/eduperson/faq.pdf - EduPerson 1.0 Frequently Asked Questions (FAQ) (200312)
- [2] http://www.nmi-edit.org/eduPerson/internet2-mace-dir-eduperson-200312.pdf - EduPerson Specification (200312)