
This document contains DRAFT material intended for discussion and comment by the InCommon participant community.  Comments and questions should be sent to the InCommon participants mailing list.

Supported Attribute Summary

A supported attribute is one that the IdP is able to release; that is, a supported attribute is a technical capability of a given IdP deployment. Whether or not an IdP will release any given attribute is a local policy decision.

As noted in the InCommon Participation Agreement, IdPs are expected to support the following attributes:

  • Identifiers
    • eduPersonUniqueId
    • eduPersonPrincipalName
    • eduPersonTargetedID (a.k.a. SAML2 Persistent NameID)
  • Mail attribute
    • mail
  • Person name attributes
    • displayName
    • givenName
    • sn (surname)
  • Authorization attributes
    • eduPersonScopedAffiliation
    • eduPersonEntitlement

See the eduPerson Object Class Specification for the formal definitions of each of the above attributes.

Summary of Attributes Supported by IdPs in the InCommon Federation

| Friendly Name | Formal Names | Datatype | Multi? |
|---|---|---|---|
| eduPersonUniqueId | SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.13 | String, scoped | No |
| eduPersonPrincipalName | SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.6; SAML1: urn:mace:dir:attribute-def:eduPersonPrincipalName | String, scoped | No |
| eduPersonTargetedID | SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.10 | XML | No |
| mail | SAML2: urn:oid:0.9.2342.19200300.100.1.3; SAML1: urn:mace:dir:attribute-def:mail | String | Yes |
| displayName | SAML2: urn:oid:2.16.840.1.113730.3.1.241; SAML1: urn:mace:dir:attribute-def:displayName | String | No |
| givenName | SAML2: urn:oid:2.5.4.42; SAML1: urn:mace:dir:attribute-def:givenName | String | Yes |
| sn (surname) | SAML2: urn:oid:2.5.4.4; SAML1: urn:mace:dir:attribute-def:sn | String | Yes |
| eduPersonScopedAffiliation | SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.9; SAML1: urn:mace:dir:attribute-def:eduPersonScopedAffiliation | String, scoped, enumerated | Yes |
| eduPersonEntitlement | SAML2: urn:oid:1.3.6.1.4.1.5923.1.1.1.7; SAML1: urn:mace:dir:attribute-def:eduPersonEntitlement | URI | Yes |

Key:

  • Friendly Name: A short, friendly name for the attribute
  • Formal Names: The formal name of the attribute expressed on-the-wire in accordance with the SAML V2.0 LDAP/X.500 Attribute Profile
  • Datatype: A brief, informal description of the value syntax of the attribute
  • Multi?: Indicates whether or not the attribute is multi-valued
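
The following is an added example, not part of the original page or any InCommon software: a service-provider-side check that maps received SAML2 formal names to friendly names and enforces the Datatype (scoped) and Multi? columns of the table. The function names, the `local@scope` syntax test for scoped values, and the sample input are assumptions made for illustration; SAML1 names and the XML, URI and enumerated datatypes are not checked.

```python
# SAML2 formal name -> (friendly name, scoped?, multi-valued?), from the table above.
SUPPORTED = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.13": ("eduPersonUniqueId", True, False),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ("eduPersonPrincipalName", True, False),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": ("eduPersonTargetedID", False, False),
    "urn:oid:0.9.2342.19200300.100.1.3": ("mail", False, True),
    "urn:oid:2.16.840.1.113730.3.1.241": ("displayName", False, False),
    "urn:oid:2.5.4.42": ("givenName", False, True),
    "urn:oid:2.5.4.4": ("sn", False, True),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": ("eduPersonScopedAffiliation", True, True),
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.7": ("eduPersonEntitlement", False, True),
}

def is_scoped(value):
    """True if value is local@scope with exactly one '@' and both parts non-empty."""
    local, sep, scope = value.rpartition("@")
    return bool(sep and local and scope) and "@" not in local

def check_attributes(received):
    """received: {formal_name: [values]}. Returns (accepted_by_friendly_name, problems)."""
    accepted, problems = {}, []
    for name, values in received.items():
        if name not in SUPPORTED:
            problems.append(f"{name}: not in the supported-attribute table")
            continue
        friendly, scoped, multi = SUPPORTED[name]
        if not values:
            problems.append(f"{friendly}: no values")
        elif not multi and len(values) > 1:
            problems.append(f"{friendly}: single-valued, got {len(values)} values")
        elif scoped and not all(is_scoped(v) for v in values):
            problems.append(f"{friendly}: value without a scope")
        else:
            accepted[friendly] = values
    return accepted, problems

# Constructed sample input (not captured from a real IdP).
SAMPLE = {
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": ["alice@example.edu", "asmith@example.edu"],
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.9": ["member@example.edu", "staff"],
    "urn:oid:0.9.2342.19200300.100.1.3": ["alice@example.edu", "a.smith@example.edu"],
    "urn:oid:2.16.840.1.113730.3.1.241": ["Alice Smith"],
}

if __name__ == "__main__":
    ok, issues = check_attributes(SAMPLE)
    print(ok)
    print(*issues, sep="\n")
```

Rejecting a multi-valued eduPersonPrincipalName or an unscoped affiliation at this point keeps malformed identifiers out of later authorization decisions.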