Changes between Initial Version and Version 1 of IamUaArp


Timestamp:
06/13/11 09:44:23 (13 years ago)
Author:
jpmitchell@…
Comment:

--

  • IamUaArp

    v1 v1  
     1== University of Alaska Identity Provider attribute release information == 
     2 
     3One of the most powerful aspects of Shibboleth-based Identity Provider (IdP) is the ability to release selected information about the person to a relying application. A relying application will not see your username and password but instead refer you back to the UA IdP to authenticate ("log in"). If you successfully authenticate ("log in") to the IdP, the IdP asserts a set of attributes about you back to the relying application using a standard protocol (SAML). Different applications can receive different information; in fact, some applications will not receive personally identifiable information about the person that has authenticated. 
     4 
     5 
     6== Attributes == 
     7The following explains some of terminology related to our attribute release policies. Other attributes based on data in the UA Directory (EDIR) (e.g., major, email addresses, office location, employee type) could be released as and if appropriate for other applications. 
     8 
     9'''!DisplayName''' - this is typically a concatenation of your first and last name; it is based on your legal surname and preferred first name as recorded in UA's Human Resources and/or Student Information Systems (Banner). For example: John Doe. 
     10 
     11'''eduPersonAffiliation''' - one or more of the following: Student, Employee, Staff, Faculty, Member, or Affiliate. Member designates a person who is part of the University of Alaska and generally entitled to information services, even if not formally a student or employee; it includes campus-based researchers with external funding, faculty emeriti, and some others. Affiliate designates merely that the person has a record in the UA IdP, but is not automatically eligible for services, and may be used for those with a limited specific affiliation with UA such as short-term guests. 
     12 
     13'''eduPersonEntitlement''' - this designates permissions or entitlements based on your role(s) at UA, and may additionally be scoped to a department or (in the future) course. For example: for a student in Chemistry at UAF-main campus, learner@urn:mace:alaska.edu:itunesu:UAF - Main Campus:Chemistry 
     14 
     15'''EPPN''' (eduPersonPrincipalName) - A unique identifier comprised of your UA username followed by "@alaska.edu". For example: jpjones@alaska.edu. 
     16 
     17'''eduPersonTargetedID''' - An opaque identifier unique to the combination of the authenticated person and the application; because it is different for each application, and does not itself reveal the identity of the user, it enables the application to track preferences or make bookmarks for the user, but does not enable that use information to be correlated with use in other applications or to a real person. For example: 84e411ea-7daa-4a57-bbf6-b5cc52981b73 
     18 
     19'''UA Username''' (UASystemID) - the unique name-based identifier commonly used for UA login and account ids. For example: jpmorgan 
     20 
     21 
     22== Applications == 
     23The following applications rely on the UA IdP for authentication and receive the information (attributes) indicated upon successful authentication (login). 
     24 
     25'''EZProxy''' (access to Library licensed scholarly databases) 
     26 
     27Attributes released by UA IdP: EPPN, eduPersonEntitlement and standard values of eduPersonAffiliation 
     28 
     29'''Google''' (Google Apps for Higher Ed, including email, calendar, docs; currently only in proof-of-concept) 
     30 
     31Attributes released by UA IdP: UA Username 
     32 
     33'''iTunesU''' (University of Alaska section for podcasts in Apple's iTunes) 
     34 
     35Attributes released by UA IdP: EPPN, Transient ID, eduPersonTargetedID (old format), eduPersonEntitlement 
     36 
     37'''Spaces''' (Internet2 wiki at spaces.internet2.edu) 
     38 
     39Attributes released by UA IdP: EPPN, eduPersonEntitlement and standard values of eduPersonAffiliation 
     40 
     41'''Dreamspark''' (Microsoft's full suite of software development tools) 
     42 
     43Attributes released by UA IdP: (none!) 
     44 
     45'''EDUCAUSE''' (EDUCAUSE Portal) 
     46 
     47Attributes released by UA IdP: eduPersonTargetedID (PersistentID), EPPN, surname, givenName, email, eduPersonScopedAffiliation (affiliation@alaska.edu) 
     48 
     49'''Right Answers''' (Help Desk Knowledgebase Portal) 
     50 
     51Attributes released by UA IdP: uasystemid (UA Username), isMemberOf (Group Membership), eduPersonAffiliation
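
Review bot: Lines 35 and 47 release EPPN together with eduPersonTargetedID (to iTunesU and EDUCAUSE), so the property line 17 describes for eduPersonTargetedID, that use cannot be correlated across applications or tied to a real person, does not hold for those two applications. Say so next to those entries, or explain why both identifiers are needed there. The Applications section also names attributes that the Attributes section never defines: Transient ID and "eduPersonTargetedID (old format)" on line 35; surname, givenName, email and eduPersonScopedAffiliation on line 47; and isMemberOf on line 51. Each should get an entry under Attributes so a reader can tell what is disclosed. Line 43's "(none!)" would benefit from a sentence on what the application receives when no attributes are released. Minor wording: line 3 "aspects of Shibboleth-based Identity Provider" is missing an article, line 7 "some of terminology" is missing "the", and line 17 "that use information" reads as if "usage information" was meant.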