Scoped affiliation (core) | |
Name | eduPersonScopedAffiliation |
Description | The person's affiliation within a particular security domain |
Vocabulary | see controlled vocabulary for eduPersonAffiliation |
References | eduPerson |
OIDC | n/a |
OID | 1.3.6.1.4.1.5923.1.1.1.9 |
LDAP Syntax | Directory String |
# of values | multi |
Example values |
|
Definition
Specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc.
The values consist of a left and right component separated by an @ sign.
- The left component is one of the values from the eduPersonAffiliation controlled vocabulary. This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName.
- The scope portion MUST be the administrative domain to which the affiliation applies. Multiple @ signs are not recommended, but in any case, the first occurrence of the @ sign starting from the left is to be taken as the delimiter between components. Thus, user identifier is to the left, security domain to the right of the first @. This parsing rule conforms to the POSIX "greedy" disambiguation method in regular expression processing.
Permissible values
See controlled vocabulary for eduPersonAffiliation.
Only these values are allowed to the left of the @ sign. The values to the right of the @ sign should indicate a security domain.
Semantics
An eduPersonScopedAffiliation value of x@y is to be interpreted as an assertion that the person in whose entry this value occurs holds an affiliation of type x within the security domain y.
Important
- In the Switch edu-ID federation, the value for the scope portion MUST be the same as the user's swissEduPersonHomeOrganization attribute value.
Notes
- Consumers of eduPersonScopedAffiliation will have to decide whether they trust values of this attribute. In the general case, the directory carrying the eduPersonScopedAffiliation is not the ultimate authoritative speaker for the truth of the assertion. Trust must be established out of band with respect to exchanges of this attribute value.
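One way a consuming service could apply the parsing rule, the vocabulary restriction and the home-organization rule before acting on a value (an added example, not part of the Switch edu-ID specification). The vocabulary list is taken from the eduPerson schema and assumed to match the federation's; `trusted_scopes`, the function names and the sample values are hypothetical, and the exact case-sensitive comparison is a strict choice made for this example.

```python
# Added example. Vocabulary is the eduPersonAffiliation list from the eduPerson
# schema, assumed (not confirmed by this page) to match the federation's list.
AFFILIATIONS = frozenset({
    "faculty", "student", "staff", "alum",
    "member", "affiliate", "employee", "library-walk-in",
})


class ScopedAffiliationError(ValueError):
    """Raised when a value must not be used for an access decision."""


def parse_scoped_affiliation(value):
    """Split on the FIRST '@': affiliation to the left, scope to the right."""
    left, sep, scope = value.partition("@")
    if not sep or not left or not scope:
        raise ScopedAffiliationError(f"not of the form x@y: {value!r}")
    if left not in AFFILIATIONS:
        raise ScopedAffiliationError(f"affiliation not in vocabulary: {left!r}")
    return left, scope  # a second '@' stays inside scope and will not match


def accepted_affiliations(values, home_org, trusted_scopes):
    """Return (accepted affiliations, rejected values with reasons).

    home_org: the user's swissEduPersonHomeOrganization value.
    trusted_scopes: scopes this issuer may assert, configured out of band
    (hypothetical parameter standing in for the consumer's trust decision).
    """
    accepted, rejected = set(), []
    for value in values:  # the attribute is multi-valued
        try:
            left, scope = parse_scoped_affiliation(value)
        except ScopedAffiliationError as exc:
            rejected.append((value, str(exc)))
            continue
        if scope != home_org:  # exact comparison, strict by choice
            rejected.append((value, "scope differs from home organization"))
        elif scope not in trusted_scopes:
            rejected.append((value, "scope not trusted for this issuer"))
        else:
            accepted.add(left)
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    sample = ["student@example.org", "staff@example.org@other.example", "admin@example.org"]
    print(accepted_affiliations(sample, "example.org", {"example.org"}))
```

Rejected values are returned with a reason so they can be logged rather than silently dropped.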
All attribute definitions in a single document: Switch edu-ID Attribute Specification