Difference between revisions of "EduPerson"

From MPDLMediaWiki
Line 3: Line 3:
== General Information <ref name="eduPerson FAQ">http://www.educause.edu/Elements/Attachments/netatedu/pki/eduperson/faq.pdf - EduPerson 1.0 Frequently Asked Questions (FAQ) (200312)</ref>==
== General Information <ref name="eduPerson FAQ">http://www.educause.edu/Elements/Attachments/netatedu/pki/eduperson/faq.pdf - EduPerson 1.0 Frequently Asked Questions (FAQ) (200312)</ref>==


EduPerson is a auxiliary object class for campus directories with the aim to facilitate communication among higher education institutes on the basis of an campus directory (an integrated institutional data store, which provides authorized users access to information regardless of where or how the original information is stored).
[http://www.educause.edu/eduperson EduPerson] is a auxiliary object class for campus directories with the aim to facilitate communication among higher education institutes on the basis of an campus directory (an integrated institutional data store, which provides authorized users access to information regardless of where or how the original information is stored).
It consists of a set of data elements or attributes about individuals, along with recommendations on the syntax and semantics of the data that may be assigned to those attributes.
It consists of a set of data elements or attributes about individuals, along with recommendations on the syntax and semantics of the data that may be assigned to those attributes.
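Review bot: the revised opening sentence, which now links EduPerson to http://www.educause.edu/eduperson, still reads "a auxiliary object class" and "an campus directory". Since the line is being changed anyway, correct these to "an auxiliary" and "a campus directory".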


Line 11: Line 11:
'''Attributes of eduPerson'''<br/>
'''Attributes of eduPerson'''<br/>
Two types of attributes:
Two types of attributes:
# Attributes already given in most commercial directory server products (like names, email addresses)
# [[#Attributes from other standard object classes or definitions|Attributes already given in most commercial directory server products ]] (like names, email addresses)
# Attributes newly created to facilitate inter-institutional collaborations and applications
# [[#Attributes newly defined for eduPerson|Attributes newly created to facilitate inter-institutional collaborations and applications]]


Each attribute has an application utility class which suggests the class of application for which this attribute is appropriate. Three of these classes are defined as followes:
Each attribute has an application utility class which suggests the class of application for which this attribute is appropriate. Three of these classes are defined as followes:
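Review bot: the new link label in the first list item ends with a stray space before "]]" and leaves "(like names, email addresses)" outside the link, while the second item links its whole text. Trim the space so both items render consistently. The unchanged sentence below the list also still has the typo "followes".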

Revision as of 08:48, 7 January 2008

NOTE: This page is under construction. Please don't edit it.

General Information [1]

EduPerson is an auxiliary object class for campus directories. Its aim is to facilitate communication among higher education institutes on the basis of a campus directory (an integrated institutional data store that gives authorized users access to information regardless of where or how the original information is stored). It consists of a set of data elements or attributes about individuals, along with recommendations on the syntax and semantics of the data that may be assigned to those attributes.

Benefits of eduPerson
Many of the eduPerson attributes are intended to support inter-realm applications such as Shibboleth (inter-realm authentication).

Attributes of eduPerson
Two types of attributes:

  1. Attributes already given in most commercial directory server products (like names, email addresses)
  2. Attributes newly created to facilitate inter-institutional collaborations and applications

Each attribute has an application utility class, which suggests the class of application for which the attribute is appropriate. Three of these classes are defined as follows:

  • Core
All attributes which provide the minimum useful bits of information about a person in a directory. These attributes are cn (common name), sn (surname) and eduPersonOrgDN (the distinguished name of the person’s affiliation).
  • Standard
An expanded list of attributes that (complemented with the core attributes) are adequate to support a full-featured directory. That class includes attributes useful for role-based access control decisions.
  • Extended
The rest of the defined attributes, which support a larger class of potential applications.


EduPerson Specification (200312) [2]

Attributes newly defined for eduPerson

1. Core

  • eduPersonOrgDN
The distinguished name (DN) of the directory entry representing the organization of a person

2. Standard

  • eduPersonOrgUnitDN
The distinguished name (DN) of the directory entry representing the organizational unit(s) of a person
  • eduPersonAffiliation
The person’s relation(s) to the organization (like student, staff, alum, etc.)
  • eduPersonScopedAffiliation
The person’s relation(s) to the organization (like student, staff, alum, etc.) within a particular security domain
  • eduPersonPrimaryAffiliation
  • eduPersonPrincipalName
Used as internal ID
  • eduPersonNickname
The nickname (informal name) of a person

3. Extended

  • eduPersonOrgPrimaryUnitDN
  • eduPersonEntitlement
URI that indicates a set of rights to specific resources for a person
  • eduPersonTargetedID
A persistent, privacy-preserving identifier for a principal shared between a pair of coordinating entities
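
The scoped attributes above are the ones applications rely on for access decisions across institutions, so a consumer should check that the security domain in each value is one the asserting institution is allowed to speak for. The following is an added example, not part of the original page or of the eduPerson project; the `value@scope` form and the affiliation vocabulary come from the eduPerson (200312) specification rather than this page, and the sample entry, the scope `example.edu` and the function names are constructed.

```python
# Added example: checks a consumer can run on scoped eduPerson attributes.
# Vocabulary from the eduPerson (200312) specification, not from this page.
AFFILIATIONS = {"faculty", "student", "staff", "alum",
                "member", "affiliate", "employee"}

# Constructed sample entry; the second scoped value uses a foreign scope.
SAMPLE = {
    "cn": ["Pat Example"], "sn": ["Example"],
    "eduPersonScopedAffiliation": ["staff@example.edu", "faculty@other.example"],
    "eduPersonPrincipalName": ["pexample@example.edu"],
}


def split_scoped(value):
    """Split 'left@scope' on the last '@'; None if either part is empty."""
    left, sep, scope = value.rpartition("@")
    if not sep or not left or not scope:
        return None
    return left, scope.lower()


def check_entry(entry, trusted_scopes):
    """Return a list of problems found in an attribute set (dict of lists)."""
    problems = []
    trusted = {s.lower() for s in trusted_scopes}

    for attr in ("cn", "sn"):  # the two required core attributes
        if not entry.get(attr):
            problems.append(f"missing required attribute {attr}")

    for value in entry.get("eduPersonScopedAffiliation", []):
        parts = split_scoped(value)
        if parts is None:
            problems.append(f"malformed scoped affiliation {value!r}")
            continue
        affiliation, scope = parts
        if affiliation.lower() not in AFFILIATIONS:
            problems.append(f"unknown affiliation in {value!r}")
        if scope not in trusted:
            problems.append(f"scope not allowed for this source in {value!r}")

    for value in entry.get("eduPersonPrincipalName", []):
        parts = split_scoped(value)
        if parts is None or parts[1] not in trusted:
            problems.append(f"principal name scope rejected in {value!r}")
    return problems
```

`check_entry(SAMPLE, {"example.edu"})` reports only the `faculty@other.example` value, because its scope is outside the set trusted for this source.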


Attributes from other standard object classes or definitions

1. Core

  • cn (common name, required)
The full name of a person
  • sn (surname, required)

2. Standard

  • displayName
  • givenName
  • description
A description of a person
  • o (organizationName)
  • ou (organizationalUnitName)
  • mail
  • telephoneNumber
  • uid
Logon name to a computer system of a person
  • seeAlso
Specifies names of other directory entries which may be other aspects of the same real-world person

3. Extended

  • facsimileTelephoneNumber
  • mobile
  • pager
  • postalAddress
  • postalCode
  • postOfficeBox
  • l (localityName)
e.g. city, country or other geographic region
  • st (stateOrProvinceName)
  • street
  • homePhone
  • homePostalAddress
  • title
  • initials
  • jpegPhoto
  • preferredLanguage
Preferred written or spoken language of a person
  • labeledURI
Web site of a person
  • userPassword
  • userCertificate
A user's X.509 certificate
  • userSMIMECertificate
An X.509 certificate specifically for use in S/MIME applications

4. No recommendation

  • audio
  • manager
The DN of the manager of a person
  • uniqueIdentifier
  • x500uniqueIdentifier


References