
edugain-discuss - [eduGAIN-discuss] attribute requirements for EGI pilot

edugain-discuss AT lists.geant.org

Subject: An open discussion list for topics related to the eduGAIN interfederation service.

  • From: Niels van Dijk <niels.vandijk AT surfnet.nl>
  • To: edugain-discuss AT geant.net
  • Subject: [eduGAIN-discuss] attribute requirements for EGI pilot
  • Date: Fri, 14 Nov 2014 16:00:09 +0100
  • List-archive: <https://mail.geant.net/mailman/private/edugain-discuss/>
  • List-id: eduGAIN discussion list <edugain-discuss.geant.net>

Hi all,

I propose we for now settle - on the IDP side - on the attributes that
are recommended by eduGAIN:
http://www.geant.net/service/eduGAIN/resources/Documents/GN3-11-012%20eduGAIN_attribute_profile-05%2012%202013.pdf

* displayName (optional)
* common Name (optional)
* mail (required)
* eduPersonAffiliation (optional)
* eduPersonPrincipalName (optional)
* SAML persistent NameID (required)
* eduPersonTargetedID (required)
* SchacHomeOrg (optional)
* UID (optional)

When I write optional here, it is actually that OpenConext could work
with either:
UID and SchacHomeOrg
or eduPersonPrincipalName
or SAML persistent NameID

However this either/or scenario cannot be presented in SAML metadata.
The same goes for displayName and CN. OpenConext can use both to
deliver something useful to the SP, but either of these is nice.

Strictly speaking SchacHomeOrgType is also recommended by eduGAIN, but
I see no use case for that here, and there is no or no consistent
implementation available at IdPs.

Cheers,
Niels
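Since the either/or identifier requirement cannot be expressed in SAML metadata, it has to be evaluated on the assertion that actually arrives. The following is an added example, not part of the original message and not OpenConext code: it checks a received assertion against the required attributes and the three identifier alternatives listed above. The urn:oid attribute names, the function names and the sample assertion are assumptions made for the illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
PERSISTENT = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"
OID = {  # urn:oid attribute names -> short names used in the message (assumed mapping)
    "urn:oid:0.9.2342.19200300.100.1.3": "mail",
    "urn:oid:0.9.2342.19200300.100.1.1": "uid",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.6": "eduPersonPrincipalName",
    "urn:oid:1.3.6.1.4.1.5923.1.1.1.10": "eduPersonTargetedID",
    "urn:oid:1.3.6.1.4.1.25178.1.2.9": "schacHomeOrganization",
}
REQUIRED = ["mail", "persistentNameID", "eduPersonTargetedID"]
# The either/or identifier sets from the message; one complete set must be present.
IDENTIFIER_SETS = [["uid", "schacHomeOrganization"],
                   ["eduPersonPrincipalName"], ["persistentNameID"]]

def released(assertion_xml):
    """Names of the attributes (and the persistent NameID) that carry a value."""
    root = ET.fromstring(assertion_xml)  # signature validation is assumed done earlier
    found = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = attr.findall("saml:AttributeValue", NS)
        # eduPersonTargetedID carries a nested NameID element instead of text
        if any((v.text or "").strip() or len(v) for v in values):
            found.add(OID.get(attr.get("Name"), attr.get("Name")))
    nameid = root.find(".//saml:Subject/saml:NameID", NS)
    if (nameid is not None and nameid.get("Format") == PERSISTENT
            and (nameid.text or "").strip()):
        found.add("persistentNameID")
    return found

def check(assertion_xml):
    """Report missing required items and which identifier sets are complete."""
    have = released(assertion_xml)
    usable = [s for s in IDENTIFIER_SETS if all(a in have for a in s)]
    return {"missing_required": [r for r in REQUIRED if r not in have],
            "identifier_sets": usable}

# Constructed sample: uid without schacHomeOrganization, and a transient NameID.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:2.0:nameid-format:transient">_a1</saml:NameID></saml:Subject>
 <saml:AttributeStatement>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.3"><saml:AttributeValue>u@example.org</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="urn:oid:0.9.2342.19200300.100.1.1"><saml:AttributeValue>u</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    print(check(SAMPLE))
```

An empty `identifier_sets` list means none of the three alternatives is complete, which is the case metadata alone cannot flag.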




