| | 1 | == University of Alaska Identity Provider attribute release information == |
| | 2 | |
| | 3 | One of the most powerful aspects of Shibboleth-based Identity Provider (IdP) is the ability to release selected information about the person to a relying application. A relying application will not see your username and password but instead refer you back to the UA IdP to authenticate ("log in"). If you successfully authenticate ("log in") to the IdP, the IdP asserts a set of attributes about you back to the relying application using a standard protocol (SAML). Different applications can receive different information; in fact, some applications will not receive personally identifiable information about the person that has authenticated. |
| | 4 | |
| | 5 | |
| | 6 | == Attributes == |
| | 7 | The following explains some of terminology related to our attribute release policies. Other attributes based on data in the UA Directory (EDIR) (e.g., major, email addresses, office location, employee type) could be released as and if appropriate for other applications. |
| | 8 | |
| | 9 | '''!DisplayName''' - this is typically a concatenation of your first and last name; it is based on your legal surname and preferred first name as recorded in UA's Human Resources and/or Student Information Systems (Banner). For example: John Doe. |
| | 10 | |
| | 11 | '''eduPersonAffiliation''' - one or more of the following: Student, Employee, Staff, Faculty, Member, or Affiliate. Member designates a person who is part of the University of Alaska and generally entitled to information services, even if not formally a student or employee; it includes campus-based researchers with external funding, faculty emeriti, and some others. Affiliate designates merely that the person has a record in the UA IdP, but is not automatically eligible for services, and may be used for those with a limited specific affiliation with UA such as short-term guests. |
| | 12 | |
| | 13 | '''eduPersonEntitlement''' - this designates permissions or entitlements based on your role(s) at UA, and may additionally be scoped to a department or (in the future) course. For example: for a student in Chemistry at UAF-main campus, learner@urn:mace:alaska.edu:itunesu:UAF - Main Campus:Chemistry |
| | 14 | |
| | 15 | '''EPPN''' (eduPersonPrincipalName) - A unique identifier comprised of your UA username followed by "@alaska.edu". For example: jpjones@alaska.edu. |
| | 16 | |
| | 17 | '''eduPersonTargetedID''' - An opaque identifier unique to the combination of the authenticated person and the application; because it is different for each application, and does not itself reveal the identity of the user, it enables the application to track preferences or make bookmarks for the user, but does not enable that use information to be correlated with use in other applications or to a real person. For example: 84e411ea-7daa-4a57-bbf6-b5cc52981b73 |
| | 18 | |
| | 19 | '''UA Username''' (UASystemID) - the unique name-based identifier commonly used for UA login and account ids. For example: jpmorgan |
| | 20 | |
| | 21 | |
| | 22 | == Applications == |
| | 23 | The following applications rely on the UA IdP for authentication and receive the information (attributes) indicated upon successful authentication (login). |
| | 24 | |
| | 25 | '''EZProxy''' (access to Library licensed scholarly databases) |
| | 26 | |
| | 27 | Attributes released by UA IdP: EPPN, eduPersonEntitlement and standard values of eduPersonAffiliation |
| | 28 | |
| | 29 | '''Google''' (Google Apps for Higher Ed, including email, calendar, docs; currently only in proof-of-concept) |
| | 30 | |
| | 31 | Attributes released by UA IdP: UA Username |
| | 32 | |
| | 33 | '''iTunesU''' (University of Alaska section for podcasts in Apple's iTunes) |
| | 34 | |
| | 35 | Attributes released by UA IdP: EPPN, Transient ID, eduPersonTargetedID (old format), eduPersonEntitlement |
| | 36 | |
| | 37 | '''Spaces''' (Internet2 wiki at spaces.internet2.edu) |
| | 38 | |
| | 39 | Attributes released by UA IdP: EPPN, eduPersonEntitlement and standard values of eduPersonAffiliation |
| | 40 | |
| | 41 | '''Dreamspark''' (Microsoft's full suite of software development tools) |
| | 42 | |
| | 43 | Attributes released by UA IdP: (none!) |
| | 44 | |
| | 45 | '''EDUCAUSE''' (EDUCAUSE Portal) |
| | 46 | |
| | 47 | Attributes released by UA IdP: eduPersonTargetedID (PersistentID), EPPN, surname, givenName, email, eduPersonScopedAffiliation (affiliation@alaska.edu) |
| | 48 | |
| | 49 | '''Right Answers''' (Help Desk Knowledgebase Portal) |
| | 50 | |
| | 51 | Attributes released by UA IdP: uasystemid (UA Username), isMemberOf (Group Membership), eduPersonAffiliation |
