Versionen im Vergleich

Alte Version 4

changes.mady.by.user Peter Brand

Gespeichert am

verglichen mit

Neue Version Aktuell

changes.mady.by.user Peter Brand

Gespeichert am

Schlüssel

  • Diese Zeile wurde hinzugefügt.
  • Diese Zeile wurde entfernt.
  • Formatierung wurde geändert.
Kommentar: single-valued

...

Info
iconfalse
titleDefinition

Specifies a person´s home organization using the domain name of the organization. SCHAC

http://www.terena.org/activities/tf-emc2/schacreleases.html 

Examples:

Notes on usage:

...

  • domain-valued ("example.ac.at"), should should use the same "canonical" DNS domain as the "scope" part of eduPersonPrincipalName and eduPersonScopedAffiliation.
  • single-valued! Whereas eduPersonScopedAffiliation can and usually has multiple values, potentially including multiple different "scopes", schacHomeOrganization can only have one value, the canonical DNS domain of the organisation running the IDP asserting this attribute.
  • Could be used as an identifier for the institution which is independent from the IDPIdentity Provider's entityID (e.g. for mapping of institutional contracts)
  • Could be used to only send the "scope" part of eduPersonScopedAffiliation when the "affiliation" is not needed at the Service Provider, but note the warning below!
  • TCS Personal Certs
Warnung
iconfalse

Contrary to scoped attributes (eduPersonScopedAffiliation, eduPersonPrincipalName) the Shibboleth software does not perform any checks on what IDP may issue what schacHomeOrganization value, by default.