Attributes are data elements about individuals or institutions, with standardized syntax and semantics. They describe information essential for applications and services, e.g. your name and your relation to the institution issuing those attributes. Often attributes will be used for distributed access control, where the evaluation of attributes (authorization, happening at the Service Provider) is decoupled from the creation of the data (by the Identity Provider, after authenticating the subject).
For Attribute Based Access Control (a model better suited to distributed systems than RBAC) to work all parties must have a shared understanding of the data elements transmitted, their exact form(at) and their meaning. Therefore standardizing attibutes and their use is an essential component of all Identity Federation and Interfederation efforts.
- Attributes are defined in Attribute Schemas, which range from IETF-standarized COSINE/orgPerson/inetOrgPerson schemas to ones specific to Higher Education, Research and Academia.
- Attributes often consitute personal data (or PII, Personally Identifiable Information), so for controlled attribute release the use of Service Categories is recommended.
- There currently is exists no formal eduID.at Attribute Profile, but all IDPs should be able to generate the list of attributes specified in section "Make attributes available" on Preparing an IDP for Interfederation.
- For Service Providers the GEANT community has created a guide detailling What attributes are relevant for a Service Provider
See child pages for more detail on specific attributes.
Überblick
Inhalte
Aufgabenbericht