Document: internet2-mace-dir-eduperson-201602
Home: https://wiki.refeds.org/x/KgCuAg
Internet2 Middleware Architecture Committee for Education, Directory Working Group (MACE-Dir)
Released: March 9, 2016
Copyright © 2016 by Internet2 and/or the respective authors
Comments to: schema-discuss@lists.refeds.org
eduPerson Object Class Specification (201602)
Status of this document
The (201602) version of the eduPerson object class specification is described in this document. This version is appropriate for adoption in a production enterprise directory service environment.
1.
1.1. General Remarks
...
If widespread agreement and implementation of this object class in campus directories is achieved, a broad and powerful new class of higher education applications can be more easily deployed. Additional information on eduPerson, including LDIF for implementing the object class and attributes, is available at its home on the web: http://www.educause.edu/eduperson/.
1.2. Identifier Concepts
...
An identifier that is human-palatable is intended to be rememberable and reproducible by typical human users, in contrast to identifiers that are, for example, randomly generated sequences of bits.
1.3. Scope
The eduPersonPrincipalName, eduPersonPrincipalNamePrior, eduPersonScopedAffiliation, and eduPersonUniqueId attribute definitions found below make use of the concept of scope. The meaning of scope is specific to the attribute to which it is attached and can vary from one attribute to another.
...
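The four scoped attributes named above carry values of the form left@scope. As an added example (not part of the specification), a relying party can check that the scope of each such value is one the asserting identity provider is permitted to use; the issuer identifiers, the allow-list, the sample attributes and the function names are all constructed for illustration.

```python
# Added example, not part of the eduPerson specification.
SCOPED_ATTRIBUTES = {
    "eduPersonPrincipalName",
    "eduPersonPrincipalNamePrior",
    "eduPersonScopedAffiliation",
    "eduPersonUniqueId",
}

# Constructed allow-list: scopes each identity provider may assert.
ALLOWED_SCOPES = {
    "https://idp.example.edu/idp": {"example.edu"},
    "https://idp.example.org/idp": {"example.org", "lab.example.org"},
}

# Constructed attribute set as a relying party might receive it.
SAMPLE_ATTRIBUTES = {
    "eduPersonPrincipalName": ["alice@example.edu"],
    "eduPersonScopedAffiliation": ["staff@example.edu", "faculty@other.example"],
    "eduPersonUniqueId": ["no-scope-here"],
    "mail": ["alice@elsewhere.example"],  # not a scoped attribute, ignored
}


def split_scoped(value):
    """Split 'left@scope' into (left, scope); raise ValueError if malformed."""
    left, sep, scope = value.partition("@")
    if not sep or not left or not scope or "@" in scope:
        raise ValueError("not a scoped value: %r" % (value,))
    return left, scope


def filter_scoped(issuer, attributes):
    """Return (accepted, rejected) for the scoped attributes only."""
    allowed = ALLOWED_SCOPES.get(issuer, set())  # unknown issuer: nothing allowed
    accepted, rejected = {}, []
    for name, values in attributes.items():
        if name not in SCOPED_ATTRIBUTES:
            continue
        for value in values:
            try:
                _, scope = split_scoped(value)
            except ValueError:
                scope = None  # malformed values are rejected, never passed on
            if scope in allowed:
                accepted.setdefault(name, []).append(value)
            else:
                rejected.append((name, value))
    return accepted, rejected


if __name__ == "__main__":
    print(filter_scoped("https://idp.example.edu/idp", SAMPLE_ATTRIBUTES))
```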
2.
2.1.
All eduPerson-defined attribute names are prefaced with "eduPerson." The eduPerson auxiliary object class contains all of them as "MAY" attributes:
( 1.3.6.1.4.1.5923.1.1.2
  NAME 'eduPerson'
  AUXILIARY
  MAY ( eduPersonAffiliation $
        eduPersonNickname $
        eduPersonOrgDN $
        eduPersonOrgUnitDN $
        eduPersonPrimaryAffiliation $
        eduPersonPrincipalName $
        eduPersonEntitlement $
        eduPersonPrimaryOrgUnitDN $
        eduPersonScopedAffiliation $
        eduPersonTargetedID $
        eduPersonAssurance $
        eduPersonPrincipalNamePrior $
        eduPersonUniqueId $
        eduPersonOrcid )
)
...
)
)
...
2.2.
Attributes in the following section were newly defined for eduPerson. Each entry specifies the version in which the attribute was first defined.
...
2.2.1. eduPersonAffiliation (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.1
...
Syntax: directoryString; Indexing: pres, eq
...
2.2.2. eduPersonEntitlement (defined in eduPerson 200210); OID: 1.3.6.1.4.1.5923.1.1.1.7
...
Syntax: directoryString; Indexing: No recommendation
...
2.2.3. eduPersonNickname (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.2
...
Syntax: directoryString; Indexing: pres, eq, sub
...
2.2.4. eduPersonOrgDN (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.3
...
Syntax: distinguishedName; Indexing: No recommendation
...
2.2.5. eduPersonOrgUnitDN (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.4
...
Syntax: distinguishedName; Indexing: eq
...
2.2.6. eduPersonPrimaryAffiliation (defined in eduPerson 1.0);
...
Syntax: directoryString; Indexing: pres, eq, sub
...
2.2.7. eduPersonPrimaryOrgUnitDN (defined in eduPerson 200210); OID: 1.3.6.1.4.1.5923.1.1.1.8
...
Syntax: distinguishedName; Indexing: eq
...
2.2.8. eduPersonPrincipalName (defined in eduPerson 1.0); OID: 1.3.6.1.4.1.5923.1.1.1.6
...
Indexing: pres, eq, sub
...
2.2.9. eduPersonPrincipalNamePrior (defined in eduPerson 201211); OID: 1.3.6.1.4.1.5923.1.1.1.12
...
Indexing: pres, eq, sub
...
2.2.10. eduPersonScopedAffiliation (defined in eduPerson 200312); OID: 1.3.6.1.4.1.5923.1.1.1.9
...
Syntax: directoryString; Indexing: pres, eq
...
2.2.11. eduPersonTargetedID (defined in eduPerson 200312); OID: 1.3.6.1.4.1.5923.1.1.1.10
...
Identity or service providers or directory-enabled applications with the need to link an external account to an internal account maintained within their own system. This attribute is often used to represent a long-term account linking relationship between an identity provider and service provider(s) (or other identity/attribute provider).
...
2.2.12. eduPersonAssurance (defined in eduPerson 200806); OID: 1.3.6.1.4.1.5923.1.1.1.11
...
Syntax: directoryString; Indexing: No recommendation
...
2.2.13. eduPersonUniqueId (defined in eduPerson 201305); OID: 1.3.6.1.4.1.5923.1.1.1.13
...
Indexing: pres, eq
...
2.2.14. eduPersonOrcid (defined in eduPerson 201602); OID: 1.3.6.1.4.1.5923.1.1.1.16
...
Syntax: directoryString; Indexing: pres, eq
...
3. Comments on Other Common Person Attributes
The attributes in the following section are from other standard object classes or attribute definitions. It is not a complete list of such attributes, but in any case where the eduPerson working group considered that some comment was needed to clarify the meaning or utility of an attribute, it can be found here. For details on the syntax and other aspects of these attributes, see the appropriate standards documents.
...
3.1. audio (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.55
...
Avoid. Not clearly defined, no de facto standard.
...
3.2. cn (commonName, included in person); OID: 2.5.4.3
...
cn: Mary Francis Xavier
...
3.3. description (included in person); OID: 2.5.4.13
...
description: A jolly good felon
...
3.4. displayName (defined in RFC2798, inetOrgPerson); OID: 2.16.840.1.113730.3.1.241
...
displayName: Jack Dougherty
...
3.5. facsimileTelephoneNumber (defined in RFC4519, included in orgPerson); OID: 2.5.4.23
...
facsimileTelephoneNumber: +44 71 123 4567
...
3.6. givenName (defined in RFC4519, inetOrgPerson); OID: 2.5.4.42
...
Example (LDIF Fragment)
givenName: Stephen
...
3.7. homePhone (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.20
...
homePhone: +1 608 555 1212
...
3.8. homePostalAddress (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.39
...
homePostalAddress: 1212 Como Ave.$Midton, SD 45621$USA
...
3.9. initials (defined in RFC4519, inetOrgPerson); OID: 2.5.4.43
...
Example (LDIF Fragment)
initials: f x
...
3.10. jpegPhoto (defined in RFC2798, inetOrgPerson); OID: 0.9.2342.19200300.100.1.60
...
Example applications for which this attribute would be useful
white pages
...
3.11. l (localityName, defined in RFC4519, included in orgPerson); OID: 2.5.4.7
...
Example (LDIF Fragment)
l: Hudson Valley
...
3.12. labeledURI (defined in RFC2798, inetOrgPerson); OID: 1.3.6.1.4.1.250.1.57
...
labeledURI: http://www.hsww.wiz/%7Eputter Harry's home page
...
3.13. mail (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.3
...
mail: dumbledore@hsww.wiz
...
3.14. manager (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.10
...
manager: uid=twilliams, ou=people, dc=hobart, dc=edu
...
3.15. mobile (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.41
...
mobile: +47 22 44 66 88
...
3.16. o (organizationName, defined in RFC2798, inetOrgPerson); OID: 2.5.4.10
...
Example (LDIF Fragment)
o: St. Cloud State
...
3.17. ou (organizationalUnitName, included in orgPerson); OID: 2.5.4.11
...
Example (LDIF Fragment)
ou: Faculty Senate
...
3.18. pager (defined in RFC4524, inetOrgPerson); OID: 0.9.2342.19200300.100.1.42
...
Example (LDIF Fragment)
pager: +1 202 555 4321
...
3.19. postalAddress (included in orgPerson); OID: 2.5.4.16
...
postalAddress: P.O. Box 333$Whoville, WH 99999$USA
...
3.20. postalCode (included in orgPerson); OID: 2.5.4.17
...
Example (LDIF Fragment)
postalCode: 54321
...
3.21. postOfficeBox (RFC4519, included in orgPerson); OID: 2.5.4.18
...
postOfficeBox: 109260
...
3.22. preferredLanguage (defined in RFC2798, inetOrgPerson); OID: 2.16.840.1.113730.3.1.39
...
preferredLanguage: EO
...
3.23. seeAlso (RFC4519, included in person); OID: 2.5.4.34
...
seeAlso: cn=Department Chair, ou=physics, o=University of Technology, dc=utech, dc=ac, dc=uk
...
3.24. sn (surname, RFC4519, included in person); OID: 2.5.4.4
...
sn: Carson-Smith
sn: Carson
sn: Smith
...
3.25. st (stateOrProvinceName, RFC4519, included in orgPerson); OID: 2.5.4.8
...
Example (LDIF Fragment)
st: IL
...
3.26. street (RFC4519, included in orgPerson); OID: 2.5.4.9
...
street: 303 Mulberry St.
...
3.27. telephoneNumber (included in person); OID: 2.5.4.20
...
telephoneNumber: +1 212 555 1234
...
3.28. title (RFC4519, included in orgPerson); OID: 2.5.4.12
...
title: Assistant Vice-Deputy for Redundancy Reduction
...
3.29. uid (defined in RFC4519, inetOrgPerson); OID: 0.9.2342.19200300.100.1.1
...
Example (LDIF Fragment)
uid: gmettes
...
3.30. uniqueIdentifier (RFC4524); OID: 0.9.2342.19200300.100.1.44
...
Avoid. UniqueIdentifier should not be reused because RFC4524 states "The domain within which the identifier is unique and the exact semantics of the identifier are for local definition."
...
3.31. userCertificate (defined in RFC2798, inetOrgPerson); OID: 2.5.4.36
...
email clients, controlling access to resources
...
3.32. userPassword (RFC4519, included in person); OID: 2.5.4.35
...
controlling access to resources
...
3.33. userSMIMECertificate (defined in RFC2798, inetOrgPerson); OID: 2.16.840.1.113730.3.1.40
...
Example applications for which this attribute would be useful
email clients
...
3.34. x500uniqueIdentifier (defined in RFC2798, inetOrgPerson); OID: 2.5.4.45
...
Avoid. X500UniqueIdentifier syntax is specified as bit string, and that is not likely to be a good fit for many of the institutional attribute value choices, especially as part of the DN.
...
4. Change Log
This section lists changes that have been made from version to version of eduPerson.
...
1. Document Status and Introductory sections have been added.
2. Attention called to the change of the eduPerson object class from structural to auxiliary.
3. Subsection headings for empty fields deleted.
4. Indexing recommendations for the eduPerson attributes have been improved and corrected in many cases.
5. The syntax notes for the eight eduPerson attributes have been corrected and they now match the LDIF file. DirectoryString is used for five eduPerson attributes. The other three contain distinguished names, so they use distinguishedName syntax.
6. RFC2252 style definitions have been included for the eduPerson object class itself and for each of the eduPerson attributes.
7. Two new attributes are defined: eduPersonEntitlement and eduPersonPrimaryOrgUnitDN.
8. The notes on the c (country) attribute have been deleted since c is not contained in any of the referenced object classes.
9. Notes have been added for several additional attributes from the standard person object classes. These include audio, manager, title, uniqueIdentifier and x500UniqueIdentifier.
10. Notes on userCertificate and userSMIMECertificate have been rewritten.
11. Clarifying text added in sections 1.3 and 2.2.8.
...
5. References
...
6. Acknowledgments
MACE members and others who contributed many hours to the definition of this object class include Rob Banz, Tom Barton, Brendan Bellina, Scott Cantor, Steven Carmody, Michael Gettes, Paul Hill, Ken Klingenstein, RL "Bob" Morgan (RIP), Todd Piket, David Wasley, Ann West, Ignacio Coupeau, Leif Johannson, Hallvard Furuseth, Diego Lopez, Roland Hedberg, Ingrid Melve, Alistair Young, Peter Gietz, Mark Jones, Nathan Dors, Tom Scavo, Lynn McRae, Chad La Joie, Katheryn Strojny, Kathryn Huxtable, Digant Kasundra, Gabriel Sroka, Jon Saperia, David Bantz, Mikael Linden, Marlena Erdos, Peter Schober and others. The editor of the MACE-Dir working group, Keith Hazelton, would like to thank them and the many others who helped bring this effort to completion. This version also had the benefit of comments from several of the NMI Testbed institutions. Three that deserve special mention are Georgia State University, the University of Alabama at Birmingham and the University of Michigan. Special thanks to Internet2 staff members for their invaluable assistance over the years, Ben Chinowsky, Renee Frost, Lisa Hogeboom, Nate Klingenstein, Steve Olshansky, Jessica Bibbee, Ellen Vaughan and Emily Eisbruch.
...