Versions Compared

Old Version 6

changes.mady.by.user Peter Brand

Saved on

compared with

New Version 7

changes.mady.by.user Peter Brand

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: add link to resolver docs

...

Note

Before relying on affiliation values for federated authorisation take into account the findings from the REFEDS whitepaper on eduPersonAffiliation use on what values to use or avoid, especially in cross-/international contexts and projects/services spanning cultures and/or federations.

Examples:

  • Our IDP 3 Attribute resolution documentaton shows how to create and populate this attribute.
  • In eduID.at the popular u:book services rely on eduPersonScopedAffiliation (ePSA) for authorization purposes, and also offers certain privileges (e.g. payment methods) only to some affiliations
  • Some Library Services don't support the standard "common-lib-terms" entitlement and instead authorize subjects based on ePSA. Use only "member" with those to keep things simple.
  • USI Wien (the University Sports Institute) uses ePSA for the determination of the price someone has to pay for a course, in combination with an eduPersonEntitlement attribute value (stating that the subject is eligible for student discount based on her age).