Skip to Content.
Sympa Menu

shibboleth-dev - eduPerson schema/attributes

Subject: Shibboleth Developers

List archive

eduPerson schema/attributes


Chronological Thread 
  • From: Scott Cantor <>
  • To: 'Shibboleth Design Team' <>
  • Subject: eduPerson schema/attributes
  • Date: Mon, 20 May 2002 14:55:25 -0400
  • Importance: Normal
  • Organization: The Ohio State University
Here's a draft attribute schema for the alpha/beta releases that assigns
an "official" URI to an initial set:

urn:mace:eduPerson:1.0:eduPersonPrincipalName
urn:mace:eduPerson:1.0:eduPersonAffiliation
urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation
urn:mace:eduPerson:1.0:eduPersonEntitlement

We should switch to these URIs for the next release. There are some
schema comments that outline the use of these attributes, but I'll write
up a design draft that spells it out.

If we want to support other attributes for the first release, we should
get them on the table now and decide which ones are "eduPerson" and
which ones might require a different namespace.

-- Scott
<?xml version="1.0" encoding="US-ASCII"?>
<schema targetNamespace="urn:mace:eduPerson:1.0" xmlns:edu="urn:mace:eduPerson:1.0" xmlns="http://www.w3.org/2001/XMLSchema"; elementFormDefault="qualified" attributeFormDefault="unqualified">

    <!--
    Attribute Identifiers:
    
    urn:mace:eduPerson:1.0:eduPersonPrincipalName
        - AttributeValue xsi:type is eduPersonPrincipalNameType
        - AttributeValue element contains the LHS of the eduPerson-defined EPPN
        - Scope, if any, contains the RHS of the eduPerson-defined EPPN
        - MUST be singly occurring value
    
    urn:mace:eduPerson:1.0:eduPersonAffiliation
        - AttributeValue xsi:type is eduPersonAffiliationType
        - AttributeValue elements contain an eduPerson-defined affiliation token
        - Scope, if any, contains a DNS-style organization name
        - MAY be multi-valued
    
    urn:mace:eduPerson:1.0:eduPersonPrimaryAffiliation
        - AttributeValue xsi:type is eduPersonAffiliationType
        - AttributeValue element contains an eduPerson-defined affiliation token
        - Scope, if any, contains a DNS-style organization name
        - MUST be singly occurring value
    
    urn:mace:eduPerson:1.0:eduPersonEntitlement
        - AttributeValue xsi:type is xsd:anyURI
        - AttributeValue elements contain a URI representing the entitlement
        - MAY be multi-valued
    -->
    
    <complexType name="ScopedStringValueType">
        <simpleContent>
            <extension base="string">
                <attribute name="Scope" type="string" use="optional"/>
            </extension>
        </simpleContent>
    </complexType>
    
    <complexType name="eduPersonPrincipalNameType">
        <simpleContent>
            <restriction base="edu:ScopedStringValueType">
                <pattern value="[^\s@]+"/>
            </restriction>
        </simpleContent>
    </complexType>
    
    <complexType name="eduPersonAffiliationType">
        <simpleContent>
            <restriction base="edu:ScopedStringValueType">
                <enumeration value="faculty"/>
                <enumeration value="student"/>
                <enumeration value="staff"/>
                <enumeration value="alum"/>
                <enumeration value="member"/>
                <enumeration value="affiliate"/>
                <enumeration value="employee"/>
            </restriction>
        </simpleContent>
    </complexType>
    
</schema>

  • eduPerson schema/attributes, Scott Cantor, 05/20/2002

Archive powered by MHonArc 2.6.16.

Top of Page