Entitlement other | |
Name | eduPersonEntitlement |
Description | URI (either URL or URN) that indicates a set of rights to specific resources |
Vocabulary | URIs only, i.e. a URL or URN |
References | eduPerson, RFC3986 |
OIDC | Claim: eduPersonEntitlement, Type: JSON array, Scope: https://login.eduid.ch/authz/User.Read |
OID | 1.3.6.1.4.1.5923.1.1.1.7 |
LDAP Syntax | Directory String |
# of values | multi |
Example values |
|
Definition
URI (either URN or URL) that indicates a set of rights to specific resources.
Notes
- A simple example would be a URL for a contract with a licensed resource provider. When a principal's home institutional directory is allowed to assert such entitlements, the business rules that evaluate a person's attributes to determine eligibility are evaluated there. The target resource provider does not learn characteristics of the person beyond their entitlement.
  The trust between the two parties must be established out of band. One check would be for the target resource provider to maintain a list of subscribing institutions. Assertions of entitlement from institutions not on this list would not be honored.
- URN values would correspond to a set of rights to resources based on an agreement across the relevant community. MACE (Middleware Architecture Committee for Education) affiliates may opt to register with MACE as a naming authority, enabling them to create their own URN values.
https://swit.ch/eduidMACE
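A resource-provider-side check for the notes above, as an added example that is not part of the Switch specification: it accepts the OIDC claim only as a JSON array of URIs and honors an entitlement only when the asserting institution is on the subscriber list. The institution identifiers, the contract URL, the function names, and the restriction of URLs to http(s) are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample data; every identifier below is a hypothetical placeholder.
SUBSCRIBERS = {"https://idp.uni-a.example", "https://idp.uni-b.example"}
CONTRACT = "https://provider.example/contracts/journal-archive"

# Simplified URN shape (urn:<nid>:<nss>); an assumption, not a full RFC 8141 parser.
URN_RE = re.compile(r"^urn:[a-z0-9][a-z0-9-]{0,31}:\S+$", re.IGNORECASE)


def is_uri(value):
    """Vocabulary check: accept only a URN or an absolute http(s) URL."""
    if not isinstance(value, str) or not value or any(c.isspace() for c in value):
        return False
    if URN_RE.match(value):
        return True
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def valid_entitlements(claims):
    """Return the well-formed values of the eduPersonEntitlement claim."""
    values = claims.get("eduPersonEntitlement")
    if not isinstance(values, list):  # the claim type is a JSON array
        return []
    return [v for v in values if is_uri(v)]


def is_entitled(asserting_institution, claims, required=CONTRACT):
    """Honor an entitlement only when a subscribing institution asserted it."""
    if asserting_institution not in SUBSCRIBERS:
        return False  # not on the subscriber list: the assertion is not honored
    # Values are compared as exact strings; no prefix or case-insensitive match.
    return required in valid_entitlements(claims)
```

The subscriber check runs before any claim value is inspected, so an assertion from an unlisted institution is rejected regardless of what it contains.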
All attribute definitions in a single document: Switch edu-ID Attribute Specification