Shibboleth Attribute Release policy summary

From RavenWiki
Revision as of 13:25, 12 September 2007 by jw99 (talk | contribs) (Make clear that misStatus is stored in lookup)
Jump to navigationJump to search
ShibbolethLogoColorSmall.png
WARNING: This page is retained as a historical record but is out-of-date and is not being maintained.

This was a working document belonging to the Computing Service's Shibboleth Development Project. This project is complete (Raven now supports Shibboleth) and this document only remains for historical and reference purposes. Be aware that it is not being maintained and may be misleading if read out of context.
  • eduPerson Principal Name (eduPersonPrincipalName) with the value <crsid>@cam.ac.uk, and an apropriate Anonymous Identifier (eduPersonTargetedID), to any SP that requests them on behalf of anyone with a Raven account.
  • Status (eduPersonScopedAffiliation) with the value member@cam.ac.uk to any SP that requests it on behalf of anyone who appears in lookup.
  • Entitlement (eduPersonEntitlement):
    • to the EduServ Shibboleth to Athens gateway
      • with a value of cam#default0 on behalf of anyone who is not members of lookup group 100925, and who has a misStatus in lookup of 'staff' or 'student' or who is a member of lookup group 100926 (this represents the group of people entitled to access Athens-protected electronic resources).
      • with a value of cam#aaemo on behalf of anyone who is not members of lookup group 100925 and who is a member of lookup group 100927 (this represents the collection of people entitled to access 'medically restricted' Athens-protected electronic resources).
    • to EDINA Film&Sound olnline
  • Forename (givenName), Surname (sn), Registered Name (cn), Display Name (displayName), Institution (ou), E-mail (mail), lookup group (groupID) with values derived from lookup (subject to each user's choice of suppression) for anyone who appears in lookup