Versions Compared

Old Version 2

changes.mady.by.user trscavo@internet2.edu

Saved on

compared with

New Version 3

changes.mady.by.user trscavo@internet2.edu

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Research & Scholarship Attribute Bundle

IdPs Identity providers are encouraged to release the R&S attribute bundle to all R&S SPsservice providers:

  • Identifiers
    • eduPersonPrincipalName
    • eduPersonTargetedID
  • Mail attribute
    • mail
  • Person name attributes
    • displayName
    • givenName
    • sn (surname)
  • Authorization attribute
    • eduPersonScopedAffiliation
Note
titleSupporting the Research & Scholarship Category

An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S SPs service providers without administrative involvement, either automatically or subject to user consent.

...

For the purposes of access control, a non-reassigned persistent identifier MUST be released is REQUIRED. If your deployment of eduPersonPrincipalName is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. In any case, release of both identifiers is RECOMMENDED.

If a service provider lists any of the person name attributes in metadata, the identity provider MUST release some form of person name, either displayName or givenName + sn. Beyond that, an identity provider is NOT REQUIRED to release any attribute not listed in metadata.