Comment: Moving the entitlement anchor to show the attribute name


Document: internet2-mace-dir-eduperson-201602
Home: https://wiki.refeds.org/x/KgCuAg (previously http://software.internet2.edu/eduperson/internet2-mace-dir-eduperson-201602.html)

Internet2 Middleware Architecture Committee for Education, Directory Working Group (MACE-Dir)

Released: March 9, 2016

 


Copyright © 2016 by Internet2 and/or the respective authors

Comments to: schema-discuss@lists.refeds.org

 

eduPerson Object Class Specification (201602)

...

The (201602) version of the eduPerson object class specification is described in this document. This version is appropriate for adoption in a production enterprise directory service environment.

0. Table of Contents

1. Introduction
   1.1. General Remarks
   1.2. Identifier Concepts
   1.3. Scope
2. eduPerson Object Class and Attributes
   2.1. eduPerson Object Class Definition
   2.2. eduPerson Attribute Definitions
      2.2.1. eduPersonAffiliation
      2.2.2. eduPersonEntitlement
      2.2.3. eduPersonNickname
      2.2.4. eduPersonOrgDN
      2.2.5. eduPersonOrgUnitDN
      2.2.6. eduPersonPrimaryAffiliation
      2.2.7. eduPersonPrimaryOrgUnitDN
      2.2.8. eduPersonPrincipalName
      2.2.9. eduPersonPrincipalNamePrior
      2.2.10. eduPersonScopedAffiliation
      2.2.11. eduPersonTargetedID
      2.2.12. eduPersonAssurance
      2.2.13. eduPersonUniqueId
      2.2.14. eduPersonOrcid
3. Comments on Other Common Person Attributes
   3.1. audio
   3.2. cn (commonName)
   3.3. description
   3.4. displayName
   3.5. facsimileTelephoneNumber
   3.6. givenName
   3.7. homePhone
   3.8. homePostalAddress
   3.9. initials
   3.10. jpegPhoto
   3.11. l (localityName)
   3.12. labeledURI
   3.13. mail
   3.14. manager
   3.15. mobile
   3.16. o (organizationName)
   3.17. ou (organizationalUnitName)
   3.18. pager
   3.19. postalAddress
   3.20. postalCode
   3.21. postOfficeBox
   3.22. preferredLanguage
   3.23. seeAlso
   3.24. sn (surname)
   3.25. st (stateOrProvinceName)
   3.26. street
   3.27. telephoneNumber
   3.28. title
   3.29. uid
   3.30. uniqueIdentifier
   3.31. userCertificate
   3.32. userPassword
   3.33. userSMIMECertificate
   3.34. x500uniqueIdentifier
4. Change Log
5. References
6. Acknowledgments


1. Introduction

1.1. General Remarks

...

If widespread agreement and implementation of this object class in campus directories is achieved, a broad and powerful new class of higher education applications can be more easily deployed. Additional information on eduPerson, including LDIF for implementing the object class and attributes, is available at its home on the web: http://www.educause.edu/eduperson/.

1.2. Identifier Concepts

...

An identifier that is human-palatable is intended to be rememberable and reproducible by typical human users, in contrast to identifiers that are, for example, randomly generated sequences of bits.

1.3. Scope

The eduPersonPrincipalName, eduPersonPrincipalNamePrior, eduPersonScopedAffiliation, and eduPersonUniqueId attribute definitions found below make use of the concept of scope. The meaning of scope is specific to the attribute to which it is attached and can vary from one attribute to another.
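One way a relying party can act on the scope concept above, added here as an example and not part of the spec: split each scoped value into its local part and scope, and accept the value only when the scope is one the asserting source is registered for. The registered-scope set and the strict one-'@' rule are this example's assumptions; the per-attribute syntax rules in the spec (elided on this page) govern real deployments.

```python
# Attributes whose values carry a scope after '@' (section 1.3 above).
SCOPED_ATTRIBUTES = {"eduPersonPrincipalName", "eduPersonPrincipalNamePrior",
                     "eduPersonScopedAffiliation", "eduPersonUniqueId"}

def split_scope(value: str) -> tuple:
    """Split 'local@scope'. The example treats anything other than exactly one
    '@' with non-empty parts as malformed; scopes compare case-insensitively."""
    if value.count("@") != 1:
        raise ValueError("expected exactly one '@' in %r" % value)
    local, scope = value.split("@")
    if not local or not scope:
        raise ValueError("empty local part or scope in %r" % value)
    return local, scope.lower()

def filter_scoped_attributes(attrs: dict, authorized_scopes: set) -> tuple:
    """Drop scoped values whose scope the asserting source is not registered for
    (authorized_scopes, e.g. from federation metadata, is the example's assumption).
    Returns (accepted attributes, rejection reasons) so rejections can be logged."""
    allowed = {s.lower() for s in authorized_scopes}
    accepted, rejected = {}, []
    for name, values in attrs.items():
        if name not in SCOPED_ATTRIBUTES:
            accepted[name] = list(values)   # unscoped attribute, passed through
            continue
        kept = []
        for value in values:
            try:
                _, scope = split_scope(value)
            except ValueError as err:
                rejected.append("%s: %s" % (name, err))
                continue
            if scope not in allowed:
                rejected.append("%s: scope %r not authorized for this source" % (name, scope))
                continue
            kept.append(value)
        if kept:
            accepted[name] = kept
    return accepted, rejected

# Constructed sample: a source registered only for example.edu also asserts an
# affiliation scoped to another domain, which must not be taken as that domain's.
SAMPLE_AUTHORIZED = {"example.edu"}
SAMPLE_ATTRIBUTES = {
    "eduPersonPrincipalName": ["jdoe@example.edu"],
    "eduPersonScopedAffiliation": ["member@example.edu", "staff@other.edu"],
    "eduPersonNickname": ["Johnny"],
}
```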

...

2. eduPerson Object Class and Attributes

2.1. eduPerson Object Class Definition

All eduPerson-defined attribute names are prefaced with "eduPerson." The eduPerson auxiliary object class contains all of them as "MAY" attributes:

( 1.3.6.1.4.1.5923.1.1.2
        NAME 'eduPerson'
        AUXILIARY
        MAY ( eduPersonAffiliation $  
                    eduPersonNickname $
                    eduPersonOrgDN $
                    eduPersonOrgUnitDN $
                    eduPersonPrimaryAffiliation $
                    eduPersonPrincipalName $
                    eduPersonEntitlement $
                    eduPersonPrimaryOrgUnitDN $
                    eduPersonScopedAffiliation $
                    eduPersonTargetedID $
                    eduPersonAssurance $
                    eduPersonPrincipalNamePrior $
                    eduPersonUniqueId $
                    eduPersonOrcid )
)
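A small checker for the definition above, added here as an example and not part of the eduPerson spec or its LDIF: it parses the RFC 2252-style object class description and confirms what section 2.1 states, that the class is AUXILIARY and every attribute is an optional, eduPerson-prefixed MAY attribute. The embedded definition joins the MAY list's last two entries with '$', as the 201602 LDIF does.

```python
import re

# The eduPerson object class from section 2.1 above, last two MAY entries joined with "$".
EDUPERSON_OBJECTCLASS = """
( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY
  MAY ( eduPersonAffiliation $ eduPersonNickname $ eduPersonOrgDN $
        eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $
        eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation $
        eduPersonTargetedID $ eduPersonAssurance $ eduPersonPrincipalNamePrior $
        eduPersonUniqueId $ eduPersonOrcid ) )
"""

def parse_objectclass(defn: str) -> dict:
    """Parse an RFC 2252/4512-style object class description: numeric OID, NAME,
    kind, and parenthesised MUST/MAY lists. Raises ValueError when malformed."""
    body = " ".join(defn.split())                     # collapse whitespace
    if body.count("(") != body.count(")") or body[:1] + body[-1:] != "()":
        raise ValueError("unbalanced parentheses or missing outer ( )")
    inner = body[1:-1].strip()
    oid = re.match(r"\d+(?:\.\d+)+", inner)
    if not oid:
        raise ValueError("definition must start with a numeric OID")
    name = re.search(r"\bNAME\s+'([^']+)'", inner)
    kind = re.search(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b", inner)
    oc = {"oid": oid.group(0), "name": name.group(1) if name else None,
          "kind": kind.group(1) if kind else None, "must": [], "may": []}
    for key in ("MUST", "MAY"):
        lst = re.search(r"\b%s\s+\(([^)]*)\)" % key, inner)
        if lst:
            oc[key.lower()] = [a.strip() for a in lst.group(1).split("$") if a.strip()]
    return oc

def is_well_formed(defn: str) -> bool:
    try:
        parse_objectclass(defn)
        return True
    except ValueError:
        return False

def check_eduperson(oc: dict) -> list:
    """Ways oc departs from section 2.1: AUXILIARY, no MUST, all names eduPerson*."""
    problems = []
    if oc["kind"] != "AUXILIARY":
        problems.append("kind is %s, expected AUXILIARY" % oc["kind"])
    if oc["must"]:
        problems.append("MUST list should be empty: %s" % oc["must"])
    bad = [a for a in oc["may"] if not a.startswith("eduPerson")]
    if bad:
        problems.append("non-eduPerson attributes in MAY: %s" % bad)
    return problems
```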

...


...

2.2. eduPerson Attribute Definitions

Attributes in the following section were newly defined for eduPerson. Each entry specifies the version in which the attribute was first defined.

...

2.2.1. eduPersonAffiliation (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.1

...

Syntax: directoryString; Indexing: pres, eq

...

2.2.2. eduPersonEntitlement (defined in eduPerson 200210); OID: 1.3.6.1.4.1.5923.1.1.1.7

...

Syntax: directoryString; Indexing: No recommendation

...

2.2.3. eduPersonNickname (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.2

...

Syntax: directoryString; Indexing: pres, eq, sub

...

2.2.4. eduPersonOrgDN (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.3

...

Syntax: distinguishedName; Indexing: No recommendation

...

2.2.5. eduPersonOrgUnitDN (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.4

...

Syntax: distinguishedName; Indexing: eq

...

2.2.6. eduPersonPrimaryAffiliation (defined in eduPerson 1.0)

...

Syntax: directoryString; Indexing: pres, eq, sub

...

2.2.7. eduPersonPrimaryOrgUnitDN (defined in eduPerson 200210); OID: 1.3.6.1.4.1.5923.1.1.1.8

...

Syntax: distinguishedName; Indexing: eq

...

2.2.8. eduPersonPrincipalName (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.6

...

Indexing: pres, eq, sub

...

2.2.9. eduPersonPrincipalNamePrior (defined in eduPerson 201211); OID: 1.3.6.1.4.1.5923.1.1.1.12

...

Indexing: pres, eq, sub

...

2.2.10. eduPersonScopedAffiliation (defined in eduPerson 200312); OID: 1.3.6.1.4.1.5923.1.1.1.9

...

Syntax: directoryString; Indexing: pres, eq

...

2.2.11. eduPersonTargetedID (defined in eduPerson 200312); OID: 1.3.6.1.4.1.5923.1.1.1.10

...

Identity or service providers or directory-enabled applications with the need to link an external account to an internal account maintained within their own system. This attribute is often used to represent a long-term account linking relationship between an identity provider and service provider(s) (or other identity/attribute provider).

...

2.2.12. eduPersonAssurance (defined in eduPerson 200806); OID: 1.3.6.1.4.1.5923.1.1.1.11

...

Syntax: directoryString; Indexing: No recommendation

...

2.2.13. eduPersonUniqueId (defined in eduPerson 201305); OID: 1.3.6.1.4.1.5923.1.1.1.13

...

Indexing: pres, eq

...

2.2.14. eduPersonOrcid (defined in eduPerson 201602); OID: 1.3.6.1.4.1.5923.1.1.1.16

...

Syntax: directoryString; Indexing: pres, eq

...

3. Comments on Other Common Person Attributes

The attributes in the following section are from other standard object classes or attribute definitions. It is not a complete list of such attributes, but in any case where the eduPerson working group considered that some comment was needed to clarify the meaning or utility of an attribute, it can be found here. For details on the syntax and other aspects of these attributes, see the appropriate standards documents.

...

3.1. audio (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.55

...

Avoid. Not clearly defined, no de facto standard.

...

3.2. cn (commonName, included in person); OID: 2.5.4.3

...

cn: Mary Francis Xavier

...

3.3. description (included in person); OID: 2.5.4.13

...

description: A jolly good felon

...

3.4. displayName (defined in RFC2798, inetOrgPerson); OID: 2.16.840.1.113730.3.1.241

...

displayName: Jack Dougherty

...

3.5. facsimileTelephoneNumber (defined in RFC4519, included in orgPerson); OID: 2.5.4.23

...

facsimileTelephoneNumber: +44 71 123 4567

...

3.6. givenName (defined in RFC4519, inetOrgPerson); OID: 2.5.4.42

...

Example (LDIF Fragment) 

givenName: Stephen

...

3.7. homePhone (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.20

...

homePhone: +1 608 555 1212

...

3.8. homePostalAddress (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.39

...

homePostalAddress: 1212 Como Ave.$Midton, SD 45621$USA

...

3.9. initials (defined in RFC4519, inetOrgPerson); OID: 2.5.4.43

...

Example (LDIF Fragment) 

initials: f x

...

3.10. jpegPhoto (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.60

...

Example applications for which this attribute would be useful 

white pages

...

3.11. l (localityName, defined in RFC4519, included in orgPerson); OID: 2.5.4.7

...

Example (LDIF Fragment) 

l: Hudson Valley

...

3.12. labeledURI (defined in RFC2798, inetOrgPerson); OID: 1.3.6.1.4.1.250.1.57

...

labeledURI: http://www.hsww.wiz/%7Eputter Harry's home page

...

3.13. mail (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.3

...

mail: dumbledore@hsww.wiz

...

3.14. manager (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.10

...

manager: uid=twilliams, ou=people, dc=hobart, dc=edu

...

3.15. mobile (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.41

...

mobile: +47 22 44 66 88

...

3.16. o (organizationName, defined in RFC2798, inetOrgPerson); OID: 2.5.4.10

...

Example (LDIF Fragment) 

o: St. Cloud State

...

3.17. ou (organizationalUnitName, included in orgPerson); OID: 2.5.4.11

...

Example (LDIF Fragment) 

ou: Faculty Senate

...

3.18. pager (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.42

...

Example (LDIF Fragment) 

pager: +1 202 555 4321

...

3.19. postalAddress (included in orgPerson); OID: 2.5.4.16

...

postalAddress: P.O. Box 333$Whoville, WH 99999$USA

...

3.20. postalCode (included in orgPerson); OID: 2.5.4.17

...

Example (LDIF Fragment) 

postalCode: 54321

...

3.21. postOfficeBox (RFC4519, included in orgPerson); OID: 2.5.4.18

...

postOfficeBox: 109260

...

3.22. preferredLanguage (defined in RFC2798, inetOrgPerson); OID: 2.16.840.1.113730.3.1.39

...

preferredLanguage: EO

...

3.23. seeAlso (RFC4519, included in person); OID: 2.5.4.34

...

seeAlso: cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk

...

3.24. sn (surname, RFC4519, included in person); OID: 2.5.4.4

...

sn: Carson-Smith
sn: Carson
sn: Smith

...

3.25. st (stateOrProvinceName, RFC4519, included in orgPerson); OID: 2.5.4.8

...

Example (LDIF Fragment) 

st: IL

...

3.26. street (RFC4519, included in orgPerson); OID: 2.5.4.9

...

street: 303 Mulberry St.

...

3.27. telephoneNumber (included in person); OID: 2.5.4.20

...

telephoneNumber: +1 212 555 1234

...

3.28. title (RFC4519, included in orgPerson); OID: 2.5.4.12

...

title: Assistant Vice-Deputy for Redundancy Reduction

...

3.29. uid (defined in RFC4519, inetOrgPerson); OID: 0.9.2342.19200300.100.1.1

...

Example (LDIF Fragment) 

uid: gmettes

...

3.30. uniqueIdentifier (RFC4524); OID: 0.9.2342.19200300.100.1.44

...

Avoid. UniqueIdentifier should not be reused because RFC4524 states "The domain within which the identifier is unique and the exact semantics of the identifier are for local definition."

...

3.31. userCertificate (defined in RFC2798, inetOrgPerson); OID: 2.5.4.36

...

email clients, controlling access to resources

...

3.32. userPassword (RFC4519, included in person); OID: 2.5.4.35

...

controlling access to resources

...

3.33. userSMIMECertificate (defined in RFC2798, inetOrgPerson); OID: 2.16.840.1.113730.3.1.40

...

Example applications for which this attribute would be useful 

email clients

...

3.34. x500uniqueIdentifier (defined in RFC2798, inetOrgPerson); OID: 2.5.4.45

...

Avoid. X500UniqueIdentifier syntax is specified as bit string, and that is not likely to be a good fit for many of the institutional attribute value choices, especially as part of the DN.

...

4. Change Log

This section lists changes that have been made from version to version of eduPerson.

...

1. Document Status and Introductory sections have been added.

2. Attention called to the change of the eduPerson object class from structural to auxiliary.

3. Subsection headings for empty fields deleted.

4. Indexing recommendations for the eduPerson attributes have been improved and corrected in many cases.

5. The syntax notes for the eight eduPerson attributes have been corrected and they now match the LDIF file. DirectoryString is used for five eduPerson attributes. The other three contain distinguished names, so they use distinguishedName syntax.

6. RFC2252 style definitions have been included for the eduPerson object class itself and for each of the eduPerson attributes.

7. Two new attributes are defined: eduPersonEntitlement and eduPersonPrimaryOrgUnitDN.

8. The notes on the c (country) attribute have been deleted since c is not contained in any of the referenced object classes.

9. Notes have been added for several additional attributes from the standard person object classes. These include audio, manager, title, uniqueIdentifier and x500UniqueIdentifier.

10. Notes on userCertificate and userSMIMECertificate have been rewritten.

11. Clarifying text added in sections 1.3 and 2.2.8.

...

5. References

...

6. Acknowledgments

MACE members and others who contributed many hours to the definition of this object class include Rob Banz, Tom Barton, Brendan Bellina, Scott Cantor, Steven Carmody, Michael Gettes, Paul Hill, Ken Klingenstein, RL "Bob" Morgan (RIP), Todd Piket, David Wasley, Ann West, Ignacio Coupeau, Leif Johannson, Hallvard Furuseth, Diego Lopez, Roland Hedberg, Ingrid Melve, Alistair Young, Peter Gietz, Mark Jones, Nathan Dors, Tom Scavo, Lynn McRae, Chad La Joie, Katheryn Strojny, Kathryn Huxtable, Digant Kasundra, Gabriel Sroka, Jon Saperia, David Bantz, Mikael Linden, Marlena Erdos, Peter Schober and others. The editor of the MACE-Dir working group, Keith Hazelton, would like to thank them and the many others who helped bring this effort to completion. This version also had the benefit of comments from several of the NMI Testbed institutions. Three that deserve special mention are Georgia State University, the University of Alabama at Birmingham and the University of Michigan. Special thanks to Internet2 staff members for their invaluable assistance over the years, Ben Chinowsky, Renee Frost, Lisa Hogeboom, Nate Klingenstein, Steve Olshansky, Jessica Bibbee, Ellen Vaughan and Emily Eisbruch.

...