General Information [1]

EduPerson is an auxiliary object class for campus directories. Its aim is to facilitate communication among higher education institutes on the basis of a campus directory (an integrated institutional data store, which provides authorized users access to information regardless of where or how the original information is stored). It consists of a set of data elements or attributes about individuals, along with recommendations on the syntax and semantics of the data that may be assigned to those attributes.

Benefits of eduPerson
Many of the eduPerson attributes are intended to support inter-realm applications such as Shibboleth (inter-realm authentication).

Attributes of eduPerson
Two types of attributes:

  1. Attributes already given in most commercial directory server products (like names, email addresses)
  2. Attributes newly created to facilitate inter-institutional collaborations and applications

Each attribute has an application utility class, which suggests the class of application for which the attribute is appropriate. Three of these classes are defined as follows:

  • Core
All attributes which provide the minimum useful bits of information about a person in a directory. These attributes are cn (common name), sn (surname) and eduPersonOrgDN (the distinguished name of the person’s affiliation).
  • Standard
An expanded list of attributes that (complemented with the core attributes) are adequate to support a full-featured directory. That class includes attributes useful for role-based access control decisions.
  • Extended
The rest of the defined attributes, which support a larger class of potential applications.

EduPerson Specification (200312) [2]

Attributes newly defined for eduPerson

1. Core

  • eduPersonOrgDN
The distinguished name (DN) of the directory entry representing the organization of a person

2. Standard

  • eduPersonOrgUnitDN
The distinguished name (DN) of the directory entry representing the organizational unit(s) of a person
  • eduPersonAffiliation
The person’s relation(s) to the organization (like student, staff, alum, etc.)
  • eduPersonScopedAffiliation
The person’s relation(s) to the organization (like student, staff, alum, etc.) within a particular security domain
  • eduPersonPrimaryAffiliation
  • eduPersonPrincipalName
Used as internal ID
  • eduPersonNickname
The nickname (informal name) of a person

3. Extended

  • eduPersonOrgPrimaryUnitDN
  • eduPersonEntitlement
URI that indicates a set of rights to specific resources for a person
  • eduPersonTargetedID
A persistent, privacy-preserving identifier for a principal shared between a pair of coordinating entities
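
A relying application that bases an access decision on eduPersonScopedAffiliation should check both the affiliation and the security domain before trusting the value. The following is an added example, not part of the eduPerson specification or of this wiki's original text. It assumes the `affiliation@scope` value form and the seven-value affiliation vocabulary of the 200312 specification; all function names and sample values are constructed for illustration.

```python
# Added example: vetting eduPersonScopedAffiliation values before an access decision.
# Assumption: values have the form "affiliation@scope" (eduPerson 200312).

# Controlled vocabulary for eduPersonAffiliation in the 200312 specification.
AFFILIATIONS = {"faculty", "student", "staff", "alum", "member", "affiliate", "employee"}


def parse_scoped_affiliation(value):
    """Split 'affiliation@scope' into (affiliation, scope); raise ValueError if malformed."""
    if value.count("@") != 1:
        raise ValueError(f"expected exactly one '@' in {value!r}")
    affiliation, scope = value.split("@")
    if affiliation not in AFFILIATIONS:
        raise ValueError(f"affiliation not in controlled vocabulary: {affiliation!r}")
    if not scope:
        raise ValueError(f"empty security domain in {value!r}")
    return affiliation, scope


def accepted_affiliations(values, permitted_scopes):
    """Keep only well-formed values whose scope the asserting party may speak for."""
    accepted = set()
    for value in values:
        try:
            affiliation, scope = parse_scoped_affiliation(value)
        except ValueError:
            continue  # malformed values never contribute to a decision
        # Exact comparison (a deliberate, strict choice in this example):
        # "sub.example.edu" is a different security domain from "example.edu".
        if scope in permitted_scopes:
            accepted.add((affiliation, scope))
    return accepted


def is_authorized(values, permitted_scopes, required):
    """True if at least one accepted (affiliation, scope) pair is in the required set."""
    return bool(accepted_affiliations(values, permitted_scopes) & required)


# Constructed sample: attribute values as received for one person.
SAMPLE = [
    "staff@example.edu",           # well-formed, scope permitted
    "faculty@partner.example.org", # well-formed, but scope not permitted for this source
    "student@sub.example.edu",     # subdomain is not the permitted scope
    "admin@example.edu",           # "admin" is not in the controlled vocabulary
    "alum",                        # unscoped value, rejected here
]

if __name__ == "__main__":
    print(accepted_affiliations(SAMPLE, {"example.edu"}))
```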

Attributes from other standard object classes or definitions

The object classes person and orgPerson are defined in X.521 (2000) and inetOrgPerson in RFC 2798.

1. Core

  • cn (common name, required, defined in person)
The full name of a person
  • sn (surname, required, defined in person)

2. Standard

  • displayName (defined in inetOrgPerson)
  • givenName (defined in inetOrgPerson)
  • description (defined in person)
A description of a person
  • o (organizationName, defined in inetOrgPerson)
  • ou (organizationalUnitName, defined in inetOrgPerson)
  • mail (defined in inetOrgPerson)
  • telephoneNumber (defined in person)
  • uid (defined in inetOrgPerson)
Logon name to a computer system of a person
  • seeAlso (defined in person)
Specifies names of other directory persons which may be other aspects of the same real world person

3. Extended

  • facsimileTelephoneNumber (defined in orgPerson)
  • mobile
  • pager (defined in inetOrgPerson)
  • postalAddress (defined in orgPerson)
  • postalCode (defined in orgPerson)
  • postOfficeBox (defined in orgPerson)
  • l (localityName, defined in orgPerson)
e.g. city, country or other geographic region
  • st (stateOrProvinceName, defined in orgPerson)
  • street (defined in orgPerson)
  • homePhone (defined in inetOrgPerson)
  • homePostalAddress (defined in inetOrgPerson)
  • title (defined in orgPerson)
  • initials (defined in inetOrgPerson)
  • jpegPhoto (defined in inetOrgPerson)
  • preferredLanguage (defined in inetOrgPerson)
Preferred written or spoken language of a person
  • labeledURI (defined in inetOrgPerson)
Web site of a person
  • userPassword (defined in person)
  • userCertificate (defined in inetOrgPerson)
A user's X.509 certificate
  • userSMIMECertificate (defined in inetOrgPerson)
An X.509 certificate specifically for use in S/MIME applications

4. No recommendation

  • audio (defined in inetOrgPerson)
  • manager (defined in inetOrgPerson)
The DN of the manager of a person
  • uniqueIdentifier
  • x500uniqueIdentifier (defined in inetOrgPerson)