Skip to Content.
Sympa Menu

shibboleth-dev - Re: Usage of eduPerson attributes in Shibboleth assertions

Subject: Shibboleth Developers

List archive

Re: Usage of eduPerson attributes in Shibboleth assertions


Chronological Thread 
  • From: Walter Hoehn <>
  • To:
  • Cc:
  • Subject: Re: Usage of eduPerson attributes in Shibboleth assertions
  • Date: Tue, 11 May 2004 13:21:22 -0500

Hi Vishal,

I have also used eduPersonPrincipalName and eduPersonTargetedID attributes in production deployments. The former is used in a scenario involving access to a local institutional repository and the latter was used as a persistent identifier in an inter-organizational web portal. In the second case, portal accounts are auto-created whenever a new targeted id is encountered.

-Walter


On May 11, 2004, at 2:45 AM,

wrote:

I'm trying to understand the usage of eduPerson attributes in Shibboleth
assertions for inter-institutional applications. It seems that the
attributes that return DNs (such as eduPersonOrgDN, eduPersonOrgUnitDN,
eduPersonPrimaryOrgUnitDN) are not very likely to be useful in this context,
since the directory server that these DNs correspond to is neither specified
in any of these attributes nor very likely to be exposed for direct access
outside the institution.

In trying to see the usage patterns for attributes being used in various
Shibboleth deployments, the JSTOR and OLCC pilots indicate usage of
eduPersonAffiliation and eduPersonEntitlement. Are there other attributes
from eduPerson, person, inetOrgPerson or organizationalPerson schemas etc.
that are being actively used in applications?

Any thoughts or comments will be appreciated.

-- Vishal





Archive powered by MHonArc 2.6.16.

Top of Page