Notes on usage:
- domain-valued ("example.ac.at"), should use the same "canonical" DNS domain as the "scope" part of eduPersonPrincipalName and eduPersonScopedAffiliation.
- single-valued! Whereas eduPersonScopedAffiliation can and usually has multiple values, potentially including multiple different "scopes", schacHomeOrganization can only have one value, the canonical DNS domain of the organisation running the IDP asserting this attribute.
- Could be used as an identifier for the institution which is independent from the Identity Provider's entityID (e.g. for mapping of institutional contracts)
- Could be used to only send the "scope" part of eduPersonScopedAffiliation when the "affiliation" is not needed at the Service Provider
Overview
Content Tools
Tasks