Document: internet2-mace-dir-x-eduperson-draft-02

Internet2 Middleware Architecture Committee for Education, Directory Working Group (MACE-Dir)

Released: July 1, 2012


Copyright © 2012 by Internet2
and/or the respective authors

Comments to:


x-eduPerson Object Class Specification Draft 02

Status of this document

A draft x-eduPerson object class specification is described in this document. This version is intended to support experimentals trials of proposed new attributes. The x-eduPerson object class is a way to segregate those attributes from eduPerson proper until such time as experience and community consensus suggest moving a particular experimental attribute into eduPerson proper. Note that the attribute definitions, up to and including the official attribute OID, remain the same whether the containing object class is x-eduPerson or eduPerson itself.

0. Table of Contents

1 x-eduPerson Object Class and Attributes
1.1 x-eduPerson Object Class Definition
1.2 x-eduPerson Attribute Definitions
1.2.1. eduPersonPrincipalNamePrior
2. Change Log

3. References
4. Acknowledgments

1 x-eduPerson Object Class and Attributes

1.1 x-eduPerson Object Class Definition

All Both eduPerson- and x-eduPerson-defined attribute names are prefaced with "eduPerson." The x-eduPerson auxiliary object class contains all experimental or trial attributes as "MAY" attributes:


        NAME 'x-eduPerson'


        MAY ( eduPersonPrincipalNamePrior )


1.2 x-eduPerson Attribute Definitions

Attributes in the following section were newly defined for x-eduPerson. Each entry specifies the version of x-eduPerson in which the attribute was first defined.

1.2.1. eduPersonPrincipalNamePrior (defined in x-eduPerson); OID:

RFC4512 definition


          NAME 'eduPersonPrincipalNamePrior'

          DESC 'eduPersonPrincipalNamePrior per Internet2'

          EQUALITY caseIgnoreMatch

          SYNTAX '' )

Application utility class: standard; # of values: multi


Older scoped identifiers for a person. A historical counterpart to the eduPersonPrincipalName attribute, each value of this multi-valued attribute represents an ePPN value that was previously associated with the entry. The values MUST NOT include the currently valid ePPN value. There is no implied or assumed order to the values. This attribute MUST NOT be populated if ePPN values are ever reassigned to a different entry (after, for example, a period of dormancy). That is, they MUST be unique in space and over time.

Notes This attribute provides a historical record of ePPN values associated with an entry, provided the values are not subject to reassignment. It is permissible to reassign ePPN values, but doing so precludes the use of this attribute; consumers must be able to assume that a historical ePPN value is associated with exactly one entry for all time. As an identifier that may be based on a user's name, values of ePPN may change over time, and this creates problems for applications that are limited in their capacity to accommodate less friendly identifiers. To improve the user experience in such cases, applications may be enhanced to leverage this attribute to identify renamed accounts. Applications that support automated renaming can be enhanced to do so, while those that do not could be enhanced with logging or exception reporting that identifies the problem. It is strongly preferable to enhance, or build new, applications to support more stable/persistent (and necessarily opaque) identifiers, but this attribute may be useful as a transitional aid. It is permissible, though likely unusual, for a subject with no current eduPersonPrincipalName value to have eduPersonPrincipalNamePrior values. This could reflect, for example, a deprovisioning scenario.

Example (LDIF Fragment)

eduPersonPrincipalName: baz@hsww.wiz
eduPersonPrincipalNamePrior: foo@hsww.wiz
eduPersonPrincipalNamePrior: bar@hsww.wiz

Syntax: directoryString;

Indexing: pres,eq,sub

2. Change Log

This section lists changes that have been made from version to version of x-eduPerson.

Since this is the first edition of x-eduPerson, the change log section is empty.

3. References


4. Acknowledgments

MACE-Dir members and others who contributed to the definition of this object class include Scott Cantor, David Bantz, Michael Gettes, Michael Grady, Keith Hazelton, Michael Hodges, Mark Jones, Michael Pelikan, Mark Rank and others.