Seitenhistorie
| Hinweis |
|---|
Take into account the findings from the REFEDS whitepaper on eduPersonAffiliation use on what values to use or avoid, especially in cross-/international contexts and projects/services spanning cultures and/or federations. |
| Info | ||||
|---|---|---|---|---|
| ||||
Specifies the person's affiliation within a particular security domain in broad categories such as student, faculty, staff, alum, etc. The values consist of a left and right component separated by an "@" sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary. This right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName. [...] – eduPerson 2020-01 |
For eduID.at members we recommend the following mapping to eduPerson-standardised values:
...
Covering more affiliations certainly will not hurt and maybe you have other (non-federation or not even SAML-related) local use-cases for more values and clear assignment rules for all the different kinds of communities you have to cater for. But there is no need to cover all of the values for some of them to be useful to the services that rely on them.
...
.
Examples:
- Our IDP 4 5 Attribute resolution documentaton shows how to create and populate this attribute.
- In eduID.at the u:book services rely on eduPersonScopedAffiliation (ePSA) for authorization purposes and also offers certain privileges (e.g. payment methods) only to some affiliations
- Some Library Services don't support the standard "common-lib-terms" entitlement and instead authorize subjects based on ePSA. Use only "
member" with those to keep things simple. - USI Wien (the University Sports Institute Vienna) uses ePSA for the determination of the price someone has to pay for a course, in combination with an eduPersonEntitlement attribute value (stating that the subject is eligible for student discount based on her age).
Überblick
Inhalte
Aufgabenbericht