Shibboleth Attribute Release policy summary: Difference between revisions

From RavenWiki
Jump to navigationJump to search
(Updated to match reality)
(Update to match reality)
Line 1: Line 1:
{{shib-project}}
{{shib-project}}


* '''Anonymous Identifier''' (eduPersonTargetedID), '''Status''' (eduPersonScopedAffiliation), and '''eduPerson Principal Name (eduPersonPrincipalName)''' released to any SP that requests them.
* '''eduPerson Principal Name''' (eduPersonPrincipalName) with the value ''<crsid>@cam.ac.uk'', and an apropriate    '''Anonymous Identifier''' (eduPersonTargetedID), to any SP that requests them on behalf of anyone with a Raven account.
* '''Status''' (eduPersonScopedAffiliation) with the value ''member@cam.ac.uk'' to any SP that requests it on behalf of anyone who appears in lookup.
* '''Entitlement''' (eduPersonEntitlement):
* '''Entitlement''' (eduPersonEntitlement):
** to '''the EduServ Shibboleth to Athens gateway'''
** to '''the EduServ Shibboleth to Athens gateway'''
*** values of ''cam#default0'' on behalf of anyone entitled to access Athens-protected electronic resources (in particular, members of lookup group [http://www.lookup.cam.ac.uk/group/100926 100926] who are not members of [http://www.lookup.cam.ac.uk/group/100925 100925])
*** with a value of ''cam#default0'' on behalf of anyone who is not members of lookup group [http://www.lookup.cam.ac.uk/group/100925 100925], and who has a misStatus of 'staff' or 'student' or who is a member of lookup group [http://www.lookup.cam.ac.uk/group/100926 100926] (this represents the group of people entitled to access Athens-protected electronic resources).
*** values of ''cam#aaemo'' on behalf of anyone entitled to access 'medically restricted' material (in particular, members of lookup group [http://www.lookup.cam.ac.uk/group/100927 100927] who are not members of [http://www.lookup.cam.ac.uk/group/100925 100925])
*** with a value of ''cam#aaemo'' on behalf of anyone who is not members of lookup group [http://www.lookup.cam.ac.uk/group/100925 100925] and who is a member of lookup group [http://www.lookup.cam.ac.uk/group/100927 100927] (this represents the collection of people entitled to access 'medically restricted' Athens-protected electronic resources).
** to '''EDINA Film and Sound olnline'''
** to '''EDINA Film&Sound olnline'''
*** a value of ''urn:mace:ac.uk:sdss.ac.uk:entitlement:emol.sdss.ac.uk:restricted'' on behalf of anyone entitled to access 'medically restricted' material (in particular, members of lookup group [http://www.lookup.cam.ac.uk/group/100927 100927])
*** with a value of ''urn:mace:ac.uk:sdss.ac.uk:entitlement:emol.sdss.ac.uk:restricted'' on behalf of anyone who is a member of lookup group [http://www.lookup.cam.ac.uk/group/100927 100927] (this represents the collection of people entitled to access 'medically restricted' material on Film&Sound)
* '''Forename''' (givenName), '''Surname''' (sn), '''Registered Name''' (cn), '''Display Name''' (displayName), '''Institution''' (ou), '''E-mail''' (mail), '''lookup group''' (groupID)
* '''Forename''' (givenName), '''Surname''' (sn), '''Registered Name''' (cn), '''Display Name''' (displayName), '''Institution''' (ou), '''E-mail''' (mail), '''lookup group''' (groupID) with values derived from lookup (subject to each user's choice of suppression) for anyone who appears in lookup
** to '''CS Development server''' https://mnementh.csi.cam.ac.uk/shibboleth
** to '''CS Development server''' https://mnementh.csi.cam.ac.uk/shibboleth

Revision as of 15:17, 4 September 2007

ShibbolethLogoColorSmall.png
WARNING: This page is retained as a historical record but is out-of-date and is not being maintained.

This was a working document belonging to the Computing Service's Shibboleth Development Project. This project is complete (Raven now supports Shibboleth) and this document only remains for historical and reference purposes. Be aware that it is not being maintained and may be misleading if read out of context.
  • eduPerson Principal Name (eduPersonPrincipalName) with the value <crsid>@cam.ac.uk, and an apropriate Anonymous Identifier (eduPersonTargetedID), to any SP that requests them on behalf of anyone with a Raven account.
  • Status (eduPersonScopedAffiliation) with the value member@cam.ac.uk to any SP that requests it on behalf of anyone who appears in lookup.
  • Entitlement (eduPersonEntitlement):
    • to the EduServ Shibboleth to Athens gateway
      • with a value of cam#default0 on behalf of anyone who is not members of lookup group 100925, and who has a misStatus of 'staff' or 'student' or who is a member of lookup group 100926 (this represents the group of people entitled to access Athens-protected electronic resources).
      • with a value of cam#aaemo on behalf of anyone who is not members of lookup group 100925 and who is a member of lookup group 100927 (this represents the collection of people entitled to access 'medically restricted' Athens-protected electronic resources).
    • to EDINA Film&Sound olnline
  • Forename (givenName), Surname (sn), Registered Name (cn), Display Name (displayName), Institution (ou), E-mail (mail), lookup group (groupID) with values derived from lookup (subject to each user's choice of suppression) for anyone who appears in lookup
Retrieved from "https://wiki.cam.ac.uk/wiki/raven/index.php?title=Shibboleth_Attribute_Release_policy_summary&oldid=1829"