eduPerson summary

The eduPerson objectclass contains the following attributes:

» eduPerson Object Class Specification (200806)
» InCommon Federation Attribute Summary

Attribute summary

eduPersonAffiliation

Specifies the person's relationship(s) to the institution in broad categories.

Permissible values: faculty, student, staff, alum, member, affiliate, employee, library-walk-in
# of values:multi
Example: eduPersonAffiliation: faculty

eduPersonPrimaryAffiliation

Specifies the person's PRIMARY relationship to the institution in broad categories.

Permissible values: faculty, student, staff, alum, member, affiliate, employee, library-walk-in
# of values:single
Example: eduPersonPrimaryAffiliation: student

eduPersonScopedAffiliation

Specifies the person's affiliation within a particular security domain in broad categories. The values consist of a left and right component separated by an "@" sign. The left component is one of the values from the eduPersonAffiliation controlled vocabulary. The right-hand side syntax of eduPersonScopedAffiliation intentionally matches that used for the right-hand side values for eduPersonPrincipalName since both identify a security domain.

Permissible values: See controlled vocabulary for eduPersonAffiliation.
# of values:multi
Example: eduPersonScopedAffiliation: faculty@cs.berkeley.edu

eduPersonOrgDN

The distinguished name (DN) of the directory entry representing the institution with which the person is associated.

# of values:single
Example: eduPersonOrgDN: o=Hogwarts, dc=hsww, dc=wiz

eduPersonOrgUnitDN

The distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s). May be multivalued, as for example, in the case of a faculty member with appointments in multiple departments or a person who is a student in one department and an employee in another.

# of values:multi
Example: eduPersonOrgUnitDN: ou=Potions, o=Hogwarts, dc=hsww, dc=wiz

eduPersonPrimaryOrgUnitDN

The distinguished name (DN) of the directory entry representing the person's primary Organizational Unit(s).

# of values:single
Example: eduPersonPrimaryOrgUnitDN: ou=Music Department, o=Notre Dame, dc=nd, dc=edu

eduPersonEntitlement

URI (either URN or URL) that indicates a set of rights to specific resources.

# of values:multi
Example: eduPersonEntitlement: urn:mace:washington.edu:confocalMicroscope

eduPersonAssurance

Set of URIs that assert compliance with specific standards for identity assurance. This multi-valued attribute represents identity assurance profiles (IAPs). An example of such a standard is the InCommon Federation's IAPs.

# of values:multi
Example: eduPersonAssurance: urn:mace:incommon:IAQ:sample
Example: eduPersonAssurance: http://idm.example.org/LOA#sample

eduPersonPrincipalName

The "NetID" of the person for the purposes of inter-institutional authentication. It should be represented in the form "user@scope" where scope defines a local security domain.

# of values:single
Example: eduPersonPrincipalName: hputter@hsww.wiz

eduPersonTargetedID

A persistent, non-reassigned, privacy-preserving identifier for a principal shared between a identity provider and service provider (or a group of service providers). An identity provider uses the appropriate value of this attribute when communicating with a particular service provider or group of service providers, and does not reveal that value to any other service provider except in limited circumstances.

Notes: EduPersonTargetedID values should not be reassigned.
# of values:multi

eduPersonNickname

Person's nickname.

# of values:multi
Example: eduPersonNickname: Spike