Changes

Attribute Specification

163 bytes added, 26 September 2012, 10:41
eduPersonPrincipalName: disallow special chars
In a federation, information about the user is represented in SAML attributes transferred from the Identity Provider to the Service Provider. It is important for both parties to interpret the data in the same way.
Exact definitions of the attributes are maintained in the their defining schemas. Within this specification, we use the following schemas:
* ''person'', ''organizationalPerson'' (X.521)
* ''inetOrgPerson'' (RFC2798)
* ''eduPerson'' (http://middleware.internet2.edu/eduperson/, version 200806)* ''SCHAC'' (http://www.terena.org/activities/tf-emc2/schacreleases.html, version 1.4.1)
* ''niifPerson'', ''niifEduPerson'' ([[NIIFSchema]])
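Review bot: The ''SCHAC'' bullet starts in the middle of the ''eduPerson'' line ("version 200806)* ''SCHAC''"), so it will not render as its own list item; move it to a new line. In the sentence above the list, "in the their defining schemas" has a stray "the".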
=== Persistent user identifiers ===
For most services, it is necessary to store application-specific data, such as user edits for a wiki page. This data is stored in a database , which is local to the SP, while the key between the user and the database entry is the '''persistent user identifier'''.
Persistent identifiers can be:
* '''static''': the identifier is created at the time of user creation at the IdP
* '''computed''': the identifier is generated run-time from one or more attributes of the user (usually by some cryptographic hashing algorithm).
* '''stored''': the identifier is stored in the user's digital identity at the IdP, thus it is persistent even when other user information is changed. Uniqueness of the identifier must be preserved.
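Review bot: The '''computed''' item leaves the hash input unspecified ("usually by some cryptographic hashing algorithm"), which is not enough for an implementer to produce a safe identifier. State that the input must include a secret salt known only to the IdP, because a hash over user attributes alone can be recomputed by anyone who knows those attributes. The uniqueness requirement is also stated only under '''stored'''; it should apply to all three types.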
=== List of attributes ===
In this specification, only mandatory and recommended attributes are specified. The [[HREFAttributeSpec|Hungarian version of the Attribute Specification]] contains descriptions of the optional attributes as well. If you have any questions regarding the optional attributes, please contact the Federation Operator.
==== eduPersonTargetedID ====
The application at the SP receives the attribute as the following:
https://idp.example.org/idp/shibboleth!https://sp.example.org/shibboleth!84e411ea-7daa-4a57-bbf6-b5cc52981b73
|assurer=institution
}}
eduPersonPrincipalName '''must not be reassigned'''
 
As some applications do not support special characters in identifiers, eduPersonPrincipalName MUST only contain the following characters: alpanumeric characters, dot ('.'), hyphen ('-') and underscore ('_').
|example=gipsz.jakab@example.org
|assurer=institution
}}
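Review bot: The new character rule conflicts with the example directly below it: "gipsz.jakab@example.org" contains '@', which is not in the allowed list (alphanumeric, '.', '-', '_'). State that the restriction applies to the part before '@', or cover '@' and the scope in the rule, and say whether "alphanumeric" means ASCII letters and digits only, since the stated reason is applications that do not support special characters. "alpanumeric" should read "alphanumeric".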
|description=Type of the Home Organisation
|semantics=
* '''university''': Higher Education institutions that are recognised by the Hungarian Ministry for Educationuniversities and colleges
* '''nren''': National research and educational network
* '''library''': Libraries
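Review bot: In the '''university''' value the two wordings run together as "Ministry for Educationuniversities and colleges"; keep one definition, or separate them with punctuation, so the meaning of the value is unambiguous.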
