...

The prime purpose of the ACOnet OpenIDP is to allow service owners to offer their resource to their whole intended community, whether or not all members of that community already have access to a SAML Identity Provider. This removes the need for service owners to also implement local or alternative authentication methods within their resource (leading to password management and "password forgotten" support at the service), in addition to federated access via SAML. As such the ACOnet OpenIDP is part of the eduID.at Metadata, together with all other Identity Providers within eduID.at.

Attributes sent by the ACOnet OpenIDP

Subjects may enter any profile data they want during the account registration phase, so relying on any of the data provided should only be done with extreme caution.

The only piece of data which is verified in some sense is the email address, which will be used during account generation, so it must be deliverable and accessible to the subject registering the account – at least at the time of the account creation.

The following attributes will be issued by the OpenIDP to any Service Provider known to it (i.e., all eduID.at Service Providers):

| Friendly name | Formal attribute name | Description |
| --- | --- | --- |
| givenName | urn:oid:2.5.4.42 | First name |
| sn | urn:oid:2.5.4.4 | Last name |
| displayName | urn:oid:2.16.840.1.113730.3.1.241 | "Firstname Lastname" (without the quotes) |
| mail | urn:oid:0.9.2342.19200300.100.1.3 | The email address used for verification emails during account creation |
| eduPersonPrincipalName | urn:oid:1.3.6.1.4.1.5923.1.1.1.6 | Always of the form [a-z0-9]{7}@openidp.aco.net, i.e. seven random lower-case characters and/or digits + "@openidp.aco.net" |
| eduPersonEntitlement (only in few cases) | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 | For application owners the OpenIDP allows the provisioning of entitlement values via a proprietary API. E.g. after the USI support team (see below) has verified someone's identity they are permitted to store that fact in an entitlement specific to their service, e.g. http://usi.at/student-discount (to express the fact that someone should be entitled to the discount USI offers, based on age verification). |
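One way a Service Provider could map these attributes to a local session, shown as an added example that is not ACOnet's or eduID.at's code. The function name, the result keys and the input shape (a dict of formal attribute name to list of values, taken from an assertion whose signature and issuer the SAML stack has already checked) are assumptions.

```python
import re

# Formal attribute names as listed in the table above.
PROFILE_OIDS = {
    "given_name": "urn:oid:2.5.4.42",
    "surname": "urn:oid:2.5.4.4",
    "display_name": "urn:oid:2.16.840.1.113730.3.1.241",
}
OID_MAIL = "urn:oid:0.9.2342.19200300.100.1.3"
OID_EPPN = "urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
OID_ENTITLEMENT = "urn:oid:1.3.6.1.4.1.5923.1.1.1.7"

# ePPN form documented above: seven lower-case letters/digits plus the scope.
EPPN_RE = re.compile(r"[a-z0-9]{7}@openidp\.aco\.net")


def first(attrs, name):
    values = attrs.get(name) or []
    return values[0] if values else ""


def map_openidp_attributes(attrs, required_entitlement):
    """Build local session data from OpenIDP attributes (hypothetical helper).

    attrs: formal attribute name -> list of values (assumed input shape)."""
    eppn = attrs.get(OID_EPPN) or []
    if len(eppn) != 1 or not EPPN_RE.fullmatch(eppn[0]):
        raise ValueError("missing or malformed eduPersonPrincipalName")
    return {
        # Account key: the randomly generated identifier, never name or mail.
        "user_id": eppn[0],
        # Entered freely at registration: display only, no authorization value.
        "unverified_profile": {k: first(attrs, oid) for k, oid in PROFILE_OIDS.items()},
        # Deliverable at account creation only, not proof of current ownership.
        "mail_checked_at_registration": first(attrs, OID_MAIL),
        # Access decisions rest only on an entitlement the service owner provisioned.
        "entitled": required_entitlement in set(attrs.get(OID_ENTITLEMENT) or []),
    }


# Constructed sample input, not a captured assertion.
SAMPLE = {
    "urn:oid:2.5.4.42": ["Erika"],
    "urn:oid:2.5.4.4": ["Mustermann"],
    "urn:oid:2.16.840.1.113730.3.1.241": ["Erika Mustermann"],
    OID_MAIL: ["erika@example.org"],
    OID_EPPN: ["k3x9q2a@openidp.aco.net"],
    OID_ENTITLEMENT: ["http://usi.at/student-discount"],
}
```
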

Services known to accept ACOnet OpenIDP identities

...