Versions Compared

Old Version 17

changes.mady.by.user Peter Brand

Saved on

compared with

New Version 18

changes.mady.by.user Peter Brand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: v5

...

Covering more affiliations certainly will not hurt and maybe you have other (non-federation or not even SAML-related) local use-cases for more values and clear assignment rules for all the different kinds of communities you have to cater for. But there is no need to cover all of the values for some of them to be useful to the services that rely on them.

Examples:

  • Our IDP 4 5 Attribute resolution documentaton shows how to create and populate this attribute.
  • In eduID.at the u:book services rely on eduPersonScopedAffiliation (ePSA) for authorization purposes and also offers certain privileges (e.g. payment methods) only to some affiliations
  • Some Library Services don't support the standard "common-lib-terms" entitlement and instead authorize subjects based on ePSA. Use only "member" with those to keep things simple.
  • USI Wien (the University Sports Institute Vienna) uses ePSA for the determination of the price someone has to pay for a course, in combination with an eduPersonEntitlement attribute value (stating that the subject is eligible for student discount based on her age).