
Attribute Bundles

Essential Attribute Bundle

IdPs are encouraged to release the essential attribute bundle to the broadest class of SPs possible:

  • Identifier
    • eduPersonPrincipalName
  • Mail attribute
    • mail
  • Person name attributes
    • displayName
    • givenName
    • sn (surname)

An Important Consequence of Releasing the Essential Attribute Bundle

If your deployment of eduPersonPrincipalName is non-reassigned, and your IdP releases the essential attribute bundle to all SPs, then your IdP supports the Research & Scholarship Category by definition.

Research & Scholarship Attribute Bundle

IdPs are encouraged to release the Research & Scholarship attribute bundle to all R&S SPs:

  • Identifiers
    • eduPersonPrincipalName
    • eduPersonTargetedID
  • Mail attribute
    • mail
  • Person name attributes
    • displayName
    • givenName
    • sn (surname)
  • Authorization attribute
    • eduPersonScopedAffiliation

Supporting the Research & Scholarship Category

An identity provider (IdP) supports the Research & Scholarship (R&S) Category if, for some subset of the IdP's user population, the IdP releases a minimal subset of the R&S attribute bundle to R&S service providers without administrative involvement, either automatically or subject to user consent.

Minimal Subset of the R&S Attribute Bundle

The following attributes constitute a minimal subset of the R&S attribute bundle:

  • eduPersonPrincipalName
  • mail
  • displayName OR (givenName AND sn)

For the purposes of access control, a non-reassigned persistent identifier is REQUIRED. If your deployment of eduPersonPrincipalName is non-reassigned, it will suffice. Otherwise you MUST release eduPersonTargetedID (which is non-reassigned by definition) in addition to eduPersonPrincipalName. In any case, release of both identifiers is RECOMMENDED.
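The minimal-subset and identifier rules above, written as a check an IdP operator could run against a planned release policy. This is an added example, not InCommon code: the function names and sample attribute sets are hypothetical, and only the attribute names come from this page.

```python
# Added example. Attribute names are taken from the page; everything else
# (function names, sample inputs) is hypothetical.
ESSENTIAL_BUNDLE = {"eduPersonPrincipalName", "mail",
                    "displayName", "givenName", "sn"}


def check_minimal_subset(released, eppn_non_reassigned):
    """Check attribute names released to R&S SPs against the minimal subset.

    Returns (ok, problems, advisories); ok is True when problems is empty.
    """
    released = set(released)
    problems, advisories = [], []

    for name in ("eduPersonPrincipalName", "mail"):
        if name not in released:
            problems.append(f"missing {name}")

    # displayName OR (givenName AND sn)
    if "displayName" not in released and not {"givenName", "sn"} <= released:
        problems.append("missing displayName OR (givenName AND sn)")

    # A non-reassigned persistent identifier is REQUIRED for access control.
    has_eptid = "eduPersonTargetedID" in released
    if not eppn_non_reassigned and not has_eptid:
        problems.append("eduPersonPrincipalName may be reassigned: "
                        "eduPersonTargetedID MUST also be released")
    elif not has_eptid:
        advisories.append("release of both identifiers is RECOMMENDED")

    return (not problems, problems, advisories)


def supports_rs_by_definition(released_to_all_sps, eppn_non_reassigned):
    """Essential bundle to all SPs plus non-reassigned ePPN implies R&S support."""
    return eppn_non_reassigned and ESSENTIAL_BUNDLE <= set(released_to_all_sps)


if __name__ == "__main__":
    # Constructed sample: name split across givenName/sn, reassignable ePPN.
    sample = {"eduPersonPrincipalName", "mail", "givenName", "sn"}
    ok, problems, advisories = check_minimal_subset(sample, eppn_non_reassigned=False)
    print("supports R&S minimal subset:", ok)
    for line in problems + advisories:
        print(" -", line)
```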
