Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: clean URL


Document: internet2-mace-dir-eduperson-201602
Home: 
http
https://
software
wiki.
internet2
refeds.
edu
org/
eduperson/internet2-mace-dir-eduperson-201602.html
x/KgCuAg

Internet2 Middleware Architecture Committee for Education, Directory Working Group (MACE-Dir)

Released: March 9, 2016

 


Copyright © 2016 by Internet2 and/or the respective authors

Comments to: schema-discuss@lists.refeds.org

 

eduPerson Object Class Specification (201602)

Status of this document 

The (201602) version of the eduPerson object class specification is described in this document. This version is appropriate for adoption in a production enterprise directory service environment.

0. Table of Contents

1. 

Introduction

44957737
1.

1. General Remarks
1.

2. Identifier Concepts
1.

3. Scope

2 eduPerson

2. eduPerson Object Class and Attributes
2

.1 eduPerson Object Class Definition

.1. 44957737
2.

2 eduPerson Attribute Definitions

2. 44957737
2.2.1.

 eduPersonAffiliation

 44957737
2.2.2.

 eduPersonEntitlement

 44957737
2.2.3.

 eduPersonNickname 

 44957737 
2.2.4.

 eduPersonOrgDN

 eduPersonOrgDN
2.2.5.

 eduPersonOrgUnitDN 

 eduPersonOrgUnitDN 
2.2.6.

 eduPersonPrimaryAffiliation

 eduPersonPrimaryAffiliation
2.2.7.

 eduPersonPrimaryOrgUnitDN

 eduPersonPrimaryOrgUnitDN
2.2.8.

 eduPersonPrincipalName

 44957737
2.2.9.

 eduPersonPrincipalNamePrior

 eduPersonPrincipalNamePrior
2.2.10.

 eduPersonScopedAffiliation

 44957737
2.2.11.

 eduPersonTargetedID

 44957737
2.2.12.

 eduPersonAssurance

 44957737
2.2.

13  eduPersonUniqueId

13.  eduPersonUniqueId
2.2.

14  eduPersonOrcid

14.  44957737
3.

 Comments on Other Common Person Attributes

 44957737
3.1.

 audio

 44957737
3.2.

 cn 

 cn (commonName)
3.3.

 description

 44957737
3.4.

 displayName

 44957737
3.5.

 facsimileTelephoneNumber

 facsimileTelephoneNumber
3.6.

 givenName

 givenName
3.7.

 homePhone

 44957737
3.8.

 homePostalAddress

 homePostalAddress
3.9.

 initials

 initials

3.10.
 jpegPhoto
 jpegPhoto
3.11.
 localityName
 44957737 (localityName)
3.12.
 labeledURI
 44957737
3.13.
 mail 
 44957737 
3.14.
 manager
 44957737
3.15.
 mobile 
 44957737 
3.16.
 o
 o (organizationName)
3.17.
 ou
 44957737 (organizationalUnitName)
3.18.
 pager
 44957737
3.19.
 postalAddress
 44957737
3.20.
 postalCode
 44957737
3.21.
 postOfficeBox
 postOfficeBox
3.22.
 preferredLanguage
 preferredLanguage
3.23.
 seeAlso
 seeAlso
3.24.
 sn 
 sn (surname)
3.25.
 st
 44957737 (stateOrProvinceName)
3.26.
 street
 44957737
3.27.
 telephoneNumber
 telephoneNumber
3.28.
 title
 44957737
3.29.
 uid
 44957737
3.30.
 uniqueIdentifier
 uniqueIdentifier
3.31.
 userCertificate
 userCertificate
3.32.
 userPassword
 44957737
3.33.
 userSMIMECertificate
 userSMIMECertificate
3.34.
 x500uniqueIdentifier
 x500uniqueIdentifier
4.
 Change
 Change Log


5.
 References
 44957737
6.
 Acknowledgments
 Acknowledgments


1.
Anchor
Introduction
Introduction
Introduction

1.1

Anchor
General Remarks
General Remarks
General Remarks

...

If widespread agreement and implementation of this object class in campus directories is achieved, a broad and powerful new class of higher education applications can be more easily deployed. Additional information on eduPerson, including LDIF for implementing the object class and attributes, is available at its home on the web: http://www.educause.edu/eduperson/.

1.2

Anchor
Identifier Concepts
Identifier Concepts
Identifier Concepts

...

An identifier that is human-palatable is intended to be rememberable and reproducible by typical human users, in contrast to identifiers that are, for example, randomly generated sequences of bits.

1.3

Anchor
Scope
Scope
Scope

The eduPersonPrincipalName, eduPersonPrincipalNamePrior, eduPersonScopedAffiliation, and eduPersonUniqueId attribute definitions found below make use of the concept of scope. The meaning of scope is specific to the attribute to which it is attached and can vary from one attribute to another.

...

2.
Anchor
eduPerson Object Class and Attributes
eduPerson Object Class and Attributes
eduPerson Object Class and Attributes

2.1
Anchor
eduPerson Object Class Definition
eduPerson Object Class Definition
eduPerson Object Class Definition

All eduPerson-defined attribute names are prefaced with "eduPerson." The eduPerson auxiliary object class contains all of them as "MAY" attributes:

( 1.3.6.1.4.1.5923.1.1.2
        NAME 'eduPerson'
        AUXILIARY
        MAY ( eduPersonAffiliation $  
                    eduPersonNickname $
                    eduPersonOrgDN $
                    eduPersonOrgUnitDN $
                    eduPersonPrimaryAffiliation $
                    eduPersonPrincipalName $
                    eduPersonEntitlement $
                    eduPersonPrimaryOrgUnitDN $
                    eduPersonScopedAffiliation $
                    eduPersonTargetedID $
                    eduPersonAssurance $
                    eduPersonPrincipalNamePrior $
                    eduPersonUniqueId )
                    eduPersonOrcid )
)

...

)
)

...

2.2.
Anchor
eduPerson Attribute Definitions
eduPerson Attribute Definitions
eduPerson Attribute Definitions

Attributes in the following section were newly defined for eduPerson. Each entry specifies the version in which the attribute was first defined.

...

2.2.1.

Anchor
eduPersonAffiliation
eduPersonAffiliation
eduPersonAffiliation(defined in eduPerson 1.0);OID:1.3.6.1.4.1.5923.1.1.1.1

...

Syntax: directoryString;Indexing:pres, eq

...

Anchor
eduPersonEntitlement
eduPersonEntitlement

2.2.2. eduPersonEntitlement(defined in eduPerson 200210); OID:1.3.6.1.4.1.5923.1.1.1.7

...

Syntax: directoryString; Indexing:No recommendation

...

2.2.3.

Anchor
eduPersonNickname
eduPersonNickname
eduPersonNickname (defined in eduPerson 1.0); OID:1.3.6.1.4.1.5923.1.1.1.2

...

Syntax: directoryString;Indexing:pres, eq, sub

...

2.2.4.

Anchor
eduPersonOrgDN
eduPersonOrgDN
eduPersonOrgDN (defined in eduPerson 1.0); OID:1.3.6.1.4.1.5923.1.1.1.3

...

Syntax: distinguishedName;Indexing:No recommendation

...

2.2.5.

Anchor
eduPersonOrgUnitDN
eduPersonOrgUnitDN
eduPersonOrgUnitDN (defined in eduPerson 1.0); OID:1.3.6.1.4.1.5923.1.1.1.4

...

Syntax: distinguishedName;Indexing:eq

...

2.2.6.

Anchor
eduPersonPrimaryAffiliation
eduPersonPrimaryAffiliation
eduPersonPrimaryAffiliation(defined in eduPerson 1.0);

...

Syntax: directoryString;Indexing:pres, eq, sub

...

2.2.7.

Anchor
eduPersonPrimaryOrgUnitDN
eduPersonPrimaryOrgUnitDN
eduPersonPrimaryOrgUnitDN(defined in eduPerson 200210); OID:1.3.6.1.4.1.5923.1.1.1.8

...

Syntax: distinguishedName;Indexing:eq

...

2.2.8.

Anchor
eduPersonPrincipalName
eduPersonPrincipalName
eduPersonPrincipalName(defined in eduPerson 1.0); OID:1.3.6.1.4.1.5923.1.1.1.6

...

Indexing:pres, eq, sub


...

2.2.9.

Anchor
eduPersonPrincipalNamePrior
eduPersonPrincipalNamePrior
eduPersonPrincipalNamePrior(defined in eduPerson 201211);OID:1.3.6.1.4.1.5923.1.1.1.12

...

Indexing: pres, eq, sub

...

2.2.10. 

Anchor
eduPersonScopedAffiliation
eduPersonScopedAffiliation
eduPersonScopedAffiliation(defined in eduPerson (200312)); OID:1.3.6.1.4.1.5923.1.1.1.9

...

Syntax: directoryString;Indexing:pres, eq

...

2.2.11.

Anchor
eduPersonTargetedID
eduPersonTargetedID
eduPersonTargetedID(defined in eduPerson 200312); OID:1.3.6.1.4.1.5923.1.1.1.10

...

Identity or service providers or directory-enabled applications with the need to link an external account to an internal account maintained within their own system. This attribute is often used to represent a long-term account linking relationship between an identity provider and service provider(s) (or other identity/attribute provider).

...

2.2.12.

Anchor
eduPersonAssurance
eduPersonAssurance
eduPersonAssurance(defined in eduPerson 200806);OID:1.3.6.1.4.1.5923.1.1.1.11

...

Syntax: directoryString;Indexing:No recommendation

...

2.2.13.

Anchor
eduPersonUniqueId
eduPersonUniqueId
eduPersonUniqueId(defined in eduPerson 201305);OID:1.3.6.1.4.1.5923.1.1.1.13

...

Indexing: pres, eq

...

2.2.14.

Anchor
eduPersonOrcid
eduPersonOrcid
eduPersonOrcid(defined in eduPerson 201602);OID:1.3.6.1.4.1.5923.1.1.1.16

...

Syntax: directoryString;

Indexing: pres, eq

...

3.

Anchor
Comments on Other Common Person Attributes
Comments on Other Common Person Attributes
Comments on Other Common Person Attributes

The attributes in the following section are from other standard object classes or attribute definitions. It is not a complete list of such attributes, but in any case where the eduPerson working group considered that some comment was needed to clarify the meaning or utility of an attribute, it can be found here. For details on the syntax and other aspects of these attributes, see the appropriate standards documents.

...

3.1. .

Anchor
audio
audio
audio (defined in RFC2798, inetOrgPerson); OID:0.9.2342.19200300.100.1.55

...

Avoid. Not clearly defined, no de facto standard.

...

3.2.

Anchor
cn
cn
cn (commonName, included in person); OID:2.5.4.3

...

cn: Mary Francis Xavier

...

3.3.

Anchor
description
description
description (included in person); OID:2.5.4.13

...

description: A jolly good felon

...

3.4.

Anchor
displayName
displayName
displayName (defined in RFC2798, inetOrgPerson); OID:2.16.840.1.113730.3.1.241

...

displayName: Jack Dougherty

...

3.5.

Anchor
facsimileTelephoneNumber
facsimileTelephoneNumber
facsimileTelephoneNumber(defined in RFC4519, included in orgPerson); OID:2.5.4.23

...

facsimileTelephoneNumber: +44 71 123 4567

...

3.6.

Anchor
givenName
givenName
givenName (defined in RFC4519, inetOrgPerson); OID:2.5.4.42

...

Example (LDIF Fragment) 

givenName: Stephen

...

3.7.

Anchor
homePhone
homePhone
homePhone (defined in RFC2798, inetOrgPerson); OID:0.9.2342.19200300.100.1.20

...

homePhone: +1 608 555 1212

...

3.8.

Anchor
homePostalAddress
homePostalAddress
homePostalAddress (defined in RFC2798, inetOrgPerson); OID:0.9.2342.19200300.100.1.39

...

homePostalAddress: 1212 Como Ave.$Midton, SD 45621$USA

...

3.9.

Anchor
initials
initials
initials (defined in RFC4519, inetOrgPerson); OID:2.5.4.43

...

Example (LDIF Fragment) 

initials: f x

...

3.10.

Anchor
jpegPhoto
jpegPhoto
jpegPhoto (defined in RFC2798, inetOrgPerson); OID:0.9.2342.19200300.100.1.60

...

Example applications for which this attribute would be useful 

white pages

...

3.11. l

Anchor
#l
#l
(localityName, defined in RFC4519, included in orgPerson); OID:2.5.4.7

...

Example (LDIF Fragment) 

l: Hudson Valley

...

3.12.

Anchor
labeledURI
labeledURI
labeledURI (defined in RFC2798, inetOrgPerson); OID:1.3.6.1.4.1.250.1.57

...

labeledURI: http://www.hsww.wiz/%7Eputter Harry's home page

...

3.13.

Anchor
mail
mail
mail (defined in RFC4524, inetOrgPerson); OID:0.9.2342.19200300.100.1.3

...

mail: dumbledore@hsww.wiz

...

3.14.

Anchor
manager
manager
manager (defined in RFC4524, inetOrgPerson); OID:0.9.2342.19200300.100.1.10

...

manager: uid=twilliams, ou=people, dc=hobart, dc=edu

...

3.15.

Anchor
mobile
mobile
mobile (defined in RFC4524, inetOrgPerson); OID:0.9.2342.19200300.100.1.41

...

mobile: +47 22 44 66 88

...

3.16.

Anchor
o
o
(organizationName, defined in RFC2798, inetOrgPerson); OID:2.5.4.10

...

Example (LDIF Fragment) 

o: St. Cloud State

...

3.17.

Anchor
ou
ou
ou (organizationalUnitName, included in orgPerson); OID:2.5.4.11

...

Example (LDIF Fragment) 

ou: Faculty Senate

...

3.18.

Anchor
pager
pager
pager (defined in RFC4524, inetOrgPerson); OID:0.9.2342.19200300.100.1.42

...

Example (LDIF Fragment) 

pager: +1 202 555 4321

...

3.19. .19.

Anchor
postalAddress
postalAddress
postalAddress (included in orgPerson); OID:2.5.4.16

...

postalAddress: P.O. Box 333$Whoville, WH 99999$USA

...

3.20.

Anchor
postalCode
postalCode
postalCode (included in orgPerson); OID:2.5.4.17

...

Example (LDIF Fragment) 

postalCode: 54321

...

3.21.

Anchor
postOfficeBox
postOfficeBox
postOfficeBox (RFC4519, included in orgPerson); OID:2.5.4.18

...

postOfficeBox: 109260

...

3.22.

Anchor
preferredLanguage
preferredLanguage
preferredLanguage (defined in RFC2798, inetOrgPerson); OID:2.16.840.1.113730.3.1.39

...

preferredLanguage: EO

...

3.23.

Anchor
seeAlso
seeAlso
seeAlso (RFC4519, included in person); OID:2.5.4.34

...

seeAlso: cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk

...

3.24.

Anchor
sn
sn
sn (surname, RFC4519, included in person); OID:2.5.4.4

...

sn: Carson-Smith
sn: Carson
sn: Smith

...

3.25.

Anchor
st
st
st (stateOrProvinceName, RFC4519, included in orgPerson); OID:2.5.4.8

...

Example (LDIF Fragment) 

st: IL

...

3.26.

Anchor
street
street
street (RFC4519, included in orgPerson); OID:2.5.4.9

...

street: 303 Mulberry St.

...

3.27.

Anchor
telephoneNumber
telephoneNumber
telephoneNumber (included in person); OID:2.5.4.20

...

telephoneNumber: +1 212 555 1234

...

3.28.

Anchor
title
title
title (RFC4519, included in orgPerson); OID:2.5.4.12

...

title: Assistant Vice-Deputy for Redundancy Reduction

...

3.29.

Anchor
uid
uid
uid (defined in RFC4519, inetOrgPerson); OID:0.9.2342.19200300.100.1.1

...

Example (LDIF Fragment) 

uid: gmettes

...

3.30.

Anchor
uniqueIdentifier
uniqueIdentifier
uniqueIdentifier (RFC4524); OID:0.9.2342.19200300.100.1.44

...

Avoid. UniqueIdentifier should not be reused because RFC4524 states "The domain within which the identifier is unique and the exact semantics of the identifier are for local definition."

...

3.31.

Anchor
userCertificate
userCertificate
userCertificate (defined in RFC2798, inetOrgPerson); OID:2.5.4.36

...

email clients, controlling access to resources

...

3.32.

Anchor
userPassword
userPassword
userPassword (RFC4519, included in person); OID:2.5.4.35

...

controlling access to resources

...

3.33.

Anchor
userSMIMECertificate
userSMIMECertificate
userSMIMECertificate(defined in RFC2798, inetOrgPerson); OID:2.16.840.1.113730.3.1.40

...

Example applications for which this attribute would be useful 

email clients

...

3.34.

Anchor
x500uniqueIdentifier
x500uniqueIdentifier
x500uniqueIdentifier(defined in RFC2798, inetOrgPerson); OID:2.5.4.45

...

Avoid. X500UniqueIdentifier syntax is specified as bit string, and that is not likely to be a good fit for many of the institutional attribute value choices, especially as part of the DN.

...

4.

Anchor
Change Log
Change Log
Change Log

This section lists changes that have been made from version to version of eduPerson.

...

  • 1. Document Status and Introductory sections have been added.

  • 2. Attention called to the change of the eduPerson object class from structural to auxiliary

  • 3. Subsection headings for empty fields deleted..

  • 4. Indexing recommendations for the eduPerson attributes has been improved and corrected in many cases.

  • 5. The syntax notes for the eight eduPerson attributes have been corrected and they now match the LDIF file. DirectoryString is used for five eduPerson attributes. The other three contain distinguished names, so they use distinguishedName syntax.

  • 6. RFC2252 style definitions have been included for the eduPerson object class itself and for each of the eduPerson attributes.

  • 7. Two new attributes are defined: eduPersonEntitlement and eduPersonPrimaryOrgUnitDN.

  • 8. The notes on the c (country) attribute have been deleted since c is not contained in any of the referenced object classes.

  • 9. Notes have been added for several additional attributes from the standard person object classes. These include audio, manager, title, uniqueIdentifier and x500UniqueIdentifier.

  • 10. Notes on userCertificate and userSMIMECertificate have been rewritten. 

  • 11. Clarifying text added in sections 1.3 and 2.2.8

...

5.

Anchor
References
References
References


...

6.

Anchor
Acknowledgments
Acknowledgments
Acknowledgments

MACE members and others who contributed many hours to the definition of this object class include Rob Banz, Tom Barton, Brendan Bellina, Scott Cantor, Steven Carmody, Michael Gettes, Paul Hill, Ken Klingenstein, RL "Bob" Morgan (RIP), Todd Piket, David Wasley, Ann West, Ignacio Coupeau, Leif Johannson, Hallvard Furuseth, Diego Lopez, Roland Hedberg, Ingrid Melve, Alistair Young, Peter Gietz, Mark Jones, Nathan Dors, Tom Scavo, Lynn McRae, Chad La Joie, Katheryn Strojny, Kathryn Huxtable, Digant Kasundra, Gabriel Sroka, Jon Saperia, David Bantz, Mikael Linden, Marlena Erdos, Peter Schober and others. The editor of the MACE-Dir working group, Keith Hazelton, would like to thank them and the many others who helped bring this effort to completion. This version also had the benefit of comments from several of the NMI Testbed institutions. Three that deserve special mention are Georgia State University, the University of Alabama at Birmingham and the University of Michigan. Special thanks to Internet2 staff members for their invaluable assistance over the years, Ben Chinowsky, Renee Frost, Lisa Hogeboom, Nate Klingenstein, Steve Olshansky, Jessica Bibbee, Ellen Vaughan and Emily Eisbruch.

...