
AttributeMappingsTable

The following table shows the mappings of attributes into Sakai. The intent is to be able to trace which names are used where, because there are several levels of mapping involved.

1. Attributes from Attribute Store

These are attributes which are retrieved from an attribute store for a person as part of the login procedure.

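| Name in OUCS LDAP | EduPerson | X.521 (2001) | RFC 2798 | Exported as | Shibboleth | Single? | Identifying? |
|---|---|---|---|---|---|---|---|
| oucsStatus | | | | | | S | |
| preferredMail | | | | | | S | |
| dn | | | | | | S | |
| cn | | | | | Shib-Person-commonName | M | |
| sn | | | | | Shib-Person-surname | S | |
| givenName | | | | | | S | |
| displayName | | | | | | S | |
| initials | | | | | Shib-InetOrgPerson-initials | S | |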

2. Dynamic Attributes

These are dynamic attributes which are generated in the process of logging in. They are not stored.

| Attribute | example |
|---|---|
| Shib-Origin-Site | urn:mace:inqueue:oucs.ox.ac.uk |
| Shib-Identity-Provider | urn:mace:inqueue:oucs.ox.ac.uk |
| Shib-Authentication-Method | urn:oasis:names:tc:SAML:1.0:am:unspecified |
| Shib-Application-ID | default |
| cookie / _saml_idp | encrypted |
| cookie / _shibsession_encrypted | encrypted |
| cookie / _shibstate_encrypted | encrypted |

These cookies are shared by all ports (both http and https) on a host, so the values are commonly encrypted. Use of the cookies at the application level should be unnecessary.

3. Groups

A significant number of possible portal activities and actions involving people would benefit from the ability to reason about groups rather than individuals. For example:

There are two important distinctions here:

  1. people have roles: student, academic, staff, research student
  2. there is an expectation that roles and groups slice across institutional boundaries, that the concept of a "research student in biology, bio-medicine, bio-chemistry, medicine, zoology or botany" is transportable between institutions.

(More thought needed)

4. References


-- StuartYeates 2006-06-19 14:01:13

The content of this wiki is licensed under the Creative Commons Attribution-ShareAlike 2.0 England & Wales Licence.

OSS Watch is funded by the Joint Information Systems Committee (JISC) and is situated within the Research Technologies Service (RTS) of the University of Oxford.