logins.json 30.1 KB
Newer Older
Martin van Es's avatar
WIP  
Martin van Es committed
1
{
2
    "Generic attribute profile": {
3
    "message": "This generic attributes profile many of the attributes that are in use within R&E identity federations. Note however it is unlikely you need all of these. In most cases, you should request a more specific attribute set which can be tested with the other profiles provided.",
4
5
    "profiles": {
      "account9": {
6
        "explanation": "<b>A verbose set of attributes</b><br/>You can select individual attributes below to make the profile information more specific.",
7
8
9
10
        "display": "A verbose set of attributes",
        "uid": [
          "jstiglitz"
        ],
11
12
	    "pairwise-id": "jstiglitz",
	    "subject-id": "jstiglitz",
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
        "eduPersonTargetedID": "bd0916qef0c2e675b2def4ahe6w50b7d4bb4aae",
        "schacHomeOrganization": "harvard-example.edu",
        "eduPersonPrincipalName": "stiglitz@harvard-example.edu",
        "cn": "Joseph Eugene Stiglitz",
        "givenName": "Joseph",
        "sn": "Stiglitz",
        "displayName": "Joseph Stiglitz",
        "mail": "stiglitz@harvard-example.edu",
        "homePhone": "+1 827 675 3232",
        "eduPersonOrcid": "http://orcid.org/0000-1111-2222-3333",
        "eduPersonAffiliation": [
          "member",
          "faculty",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "employee@harvard-example.edu",
          "faculty@harvard-example.edu",
          "member@harvard-example.edu"
        ],
33
34
35
36
37
38
        "isMemberOf": "urn:collab:org:aarc-project.eu",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
Niels van Dijk's avatar
Niels van Dijk committed
39
            "https://refeds.org/assurance/ATP/ePA-1m"
40
        ]        
41
42
43
      }
    }
  },
Martin van Es's avatar
WIP    
Martin van Es committed
44
  "Research and Scholarship": {
45
    "message": "<b>This is the Research and Scholarship (R&S) Section</b><br/>R&S has been designed as a simple and scalable way to release minimal amounts of required personal data to Service Providers serving the Research and Scholarship Community.<br/>The R&S accounts provide the various permutations of attributes you may recieve if you declare yourself an R&S service provider in eduGAIN",
Martin van Es's avatar
WIP    
Martin van Es committed
46
47
    "profiles": {
      "account1": {
48
        "explanation": "<b>R&S: displayName</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute",
49
        "display": "R&S: display name",
Martin van Es's avatar
WIP    
Martin van Es committed
50
51
52
53
54
        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
        "displayName": "John D. Rockefeller",
        "mail": "John.D.Rockefeller@idp.example.org"
      },
      "account2": {
55
        "explanation": "<b>R&S: surname + givename</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes",
56
        "display": "R&S: surname + givename",
Martin van Es's avatar
WIP    
Martin van Es committed
57
58
59
60
61
62
        "eduPersonPrincipalName": "g_ohm@idp.example.org",
        "givenName": "Georg",
        "sn": "Ohm",
        "mail": "georg.ohm@idp.example.org"
      },
      "account3": {
63
        "explanation": "<b>R&S: name and affiliation</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
64
        "display": "R&S: name and affiliation",
Martin van Es's avatar
WIP    
Martin van Es committed
65
66
67
        "eduPersonPrincipalName": "jweeler@idp.example.org",
        "givenName": "Joseph",
        "sn": "Weeler",
68
        "displayName": "Joseph Weeler",
Martin van Es's avatar
WIP    
Martin van Es committed
69
70
71
72
73
74
75
        "mail": "joseph.weeler@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ]
      },
      "account4": {
76
        "explanation": "<b>R&S: ePPN and pseudonoymous epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID)  which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
77
        "display": "R&S: ePPN and pseudonoymous epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
78
79
80
81
        "eduPersonPrincipalName": "awest@idp.example.org",
        "eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
        "givenName": "Anthony",
        "sn": "West",
82
        "displayName": "Anthony West",
Martin van Es's avatar
WIP    
Martin van Es committed
83
84
85
86
87
88
89
90
        "mail": "anthony.west@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "employee@idp.example.org",
          "faculty@idp.example.org"
        ]
      },
      "account5": {
91
        "explanation": "<b>R&S: display name, ePPN and transparent epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN)  as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
92
        "display": "R&S: display name, ePPN and transparent epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
93
94
95
96
97
98
        "eduPersonPrincipalName": "bbernanke@idp.example.org",
        "eduPersonTargetedId": "bbernanke@idp.example.org",
        "displayName": "Ben Bernanke",
        "mail": "bbernanke@idp.example.org"
      },
      "account6": {
99
        "explanation": "<b>R&S: surname + givename, ePPN and transparent epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' (ePPN) may not be a stable identifier, but may be reassigned at some point",
100
        "display": "R&S: surname + givename, ePPN and transparent epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
101
102
103
104
105
106
107
        "eduPersonPrincipalName": "agreenspan@idp.example.org",
        "eduPersonTargetedId": "agreenspan@idp.example.org",
        "givenName": "Alan",
        "sn": "Greenspan",
        "mail": "agreenspan6@idp.example.org"
      },
      "account7": {
108
        "explanation": "<b>R&S: surname + givename, ePPN and epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
109
        "display": "R&S: surname + givename, ePPN and epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
110
111
112
113
114
115
116
117
118
119
120
121
        "eduPersonPrincipalName": "am_ampere@idp.example.org",
        "eduPersonTargetedId": "am_ampere@idp.example.org",
        "displayName": "André-Marie Ampère",
        "mail": "am_ampere@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ]
      },
      "account8": {
122
123
        "explanation": "<b>R&S: surname + givename, ePPN and epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
        "display": "R&S: surname + givename, ePPN and epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
124
125
126
127
128
129
130
131
132
133
134
135
136
137
        "eduPersonPrincipalName": "w_rontgen@idp.example.org",
        "eduPersonTargetedId": "w_rontgen@idp.example.org",
        "givenName": "Wilhelm",
        "sn": "Röntgen",
        "mail": "w_rontgen@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ]
      }
    }
  },
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
  "REFEDs Assurance Framework profiles": {
    "message": "The REFEDs Assurance Framework profiles section contains a number of profile with a basic set of attributes a presented in the R&S Section, but now complemented with assurance information expressed in accordance with the REFEDs Assurance Framework.",
    "profiles": {
      "account101": {
        "explanation": "<b>Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute and assurance profile 'Cappuccino'",
        "display": "Cappuccino",
        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
        "displayName": "John D. Rockefeller",
        "mail": "John.D.Rockefeller@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium"
        ]
      },
      "account102": {
        "explanation": "<b>no ePPN reassign</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes. Using the assurance profile, it is indicated the ePPN is not reassigned.",
        "display": "no ePPN reassign",
        "eduPersonPrincipalName": "g_ohm@idp.example.org",
        "givenName": "Georg",
        "sn": "Ohm",
        "mail": "georg.ohm@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/eppn-unique-no-reassign",           
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]        
      },
      "account103": {
        "explanation": "<b>Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. The assurance profile is again 'Cappuccino'.",
        "display": "Cappuccino",
        "eduPersonPrincipalName": "jweeler@idp.example.org",
        "givenName": "Joseph",
        "sn": "Weeler",
        "displayName": "Joseph Weeler",
        "mail": "joseph.weeler@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]
      },
      "account104": {
        "explanation": "<b>ePPN reassign</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID)  which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The latter is also indicated in teh assurance profile.",
        "display": "ePPN reassign",
        "eduPersonPrincipalName": "awest@idp.example.org",
        "eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
        "givenName": "Anthony",
        "sn": "West",
        "displayName": "Anthony West",
        "mail": "anthony.west@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "employee@idp.example.org",
          "faculty@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/eppn-unique-reassign-1y",           
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]     
      },
      "account105": {
        "explanation": "<b>Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN)  as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The assurance profile matches 'Espresso', indicating a high quality of identity proofing.",
        "display": "Espresso",
        "eduPersonPrincipalName": "bbernanke@idp.example.org",
        "eduPersonTargetedId": "29638715@idp.example.org",
        "displayName": "Ben Bernanke",
        "mail": "bbernanke@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",            
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]                
      },
      "account106": {
        "explanation": "<b>Beyond Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' (ePPN) may not be a stable identifier, but may be reassigned at some point. The assurance profile has all element of 'Espresso' and some additional statements",
        "display": "Beyond Espresso",
        "eduPersonPrincipalName": "agreenspan@idp.example.org",
        "eduPersonTargetedId": "agreenspan@idp.example.org",
        "givenName": "Alan",
        "sn": "Greenspan",
        "mail": "agreenspan6@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/ID/eppn-unique-no-reassign",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",
            "https://refeds.org/assurance/IAP/local-enterprise",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]  
      },
      "account107": {
        "explanation": "<b>Local Enterprise'</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. In addition, the assurance profile signals the identity proofing and credential issuance, renewal and replacement are done in a way that qualifies (or would qualify) the user to access the Home Organisation’s internal administrative systems",
        "display": "'Local Enterprise'",
        "eduPersonPrincipalName": "am_ampere@idp.example.org",
        "eduPersonTargetedId": "am_ampere@idp.example.org",
        "displayName": "André-Marie Ampère",
        "mail": "am_ampere@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",  
            "https://refeds.org/assurance/IAP/local-enterprise",                      
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]          
      },
      "account108": {
        "explanation": "<b>One Day Fly</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. As indicated by the assurance profile, the eduPersonScopedAffiliation reflect user’s departure within one days time",
        "display": "One Day Fly",
        "eduPersonPrincipalName": "w_rontgen@idp.example.org",
        "eduPersonTargetedId": "w_rontgen@idp.example.org",
        "givenName": "Wilhelm",
        "sn": "Röntgen",
        "mail": "w_rontgen@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",            
            "https://refeds.org/assurance/ATP/ePA-1d"
        ]          
      },
      "account109": {
        "explanation": "<b>Self Asserted</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute. The assurance profile indicated the credentials my be self asserted by the user.",
        "display": "Self Asserted",
        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
        "displayName": "John D. Rockefeller",
        "mail": "John.D.Rockefeller@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/IAP/low"
        ]
304
      }      
305
306
    }
  },
Martin van Es's avatar
WIP    
Martin van Es committed
307
  "Behaviour tests": {
308
    "message": "This is the behaviour tests Section.<br>These tests offer a range of scenarios you could encounter when engaging with identity federations 'in the wild'. Use these tests to confirm compatilbility with various attribute useage scenrios and various values of attributes which may be delivered to your Service.",
Martin van Es's avatar
WIP    
Martin van Es committed
309
310
    "profiles": {
      "account10": {
311
312
        "explanation": "<b>Multi-valued mail attribute</b><br>The email attribute is multi valued, so you may recieve more then one of them. It is up to you to decide how to handle that.",
        "display": "Test: Multi-valued mail attribute",
Martin van Es's avatar
WIP    
Martin van Es committed
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
        "uid": [
          "belfort"
        ],
        "schacHomeOrganization": "harvard-example.edu",
        "eduPersonPrincipalName": "belfort@harvard-example.edu",
        "cn": "Jordan Ross Belfort",
        "givenName": "Jordan",
        "sn": "Belfort",
        "displayName": "Jordan R. Belfort",
        "mail": [
          "Jordan.Belfort@harvard-example.edu",
          "jordan@harvard-example.edu"
        ],
        "eduPersonAffiliation": [
          "employee",
          "faculty",
          "member"
        ],
        "eduPersonScopedAffiliation": [
          "employee@harvard-example.edu",
          "faculty@harvard-example.edu",
          "member@harvard-example.edu"
        ],
        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
      "account11": {
340
        "explanation": "<b>No member affiliation</b><br/>. Even though this profile is asserted by the institutional identity provider, this user is not considered to be a member (so not student, nor factuly or staff) of the institution.<br>You can (and should) use the value of eduPersonAffiliation or eduPersonScopedAffiliation to evaluate this",
341
        "display": "Test: No a member",
Martin van Es's avatar
WIP    
Martin van Es committed
342
343
344
345
346
347
348
349
350
351
        "uid": [
          "wynn"
        ],
        "schacHomeOrganization": "harvard-example.edu",
        "eduPersonPrincipalName": "wynn@harvard-example.edu",
        "cn": "Steve Alen Wynn",
        "givenName": "Steve",
        "sn": "Wynn",
        "displayName": "Steve Wynn",
        "mail": [
352
          "S.Wynn@harvard-example.edu"
Martin van Es's avatar
WIP    
Martin van Es committed
353
354
        ],
        "eduPersonAffiliation": [
355
356
          "alum", 
          "library-walk-in"
Martin van Es's avatar
WIP    
Martin van Es committed
357
358
        ],
        "eduPersonScopedAffiliation": [
359
360
          "alum@harvard-example.edu",
          "library-walk-in@harvard-example.edu"
Martin van Es's avatar
WIP    
Martin van Es committed
361
362
363
364
        ],
        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
365
      "account15": {
366
        "explanation": "<b>Member only</b><br/>In this profile you can only learn about the fact that this user is a member of the institution, but not what the affilation is. This is a very common default setting",
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
        "display": "Test: Member affiliation only",
        "uid": [
          "s_jobs"
        ],
        "schacHomeOrganization": "idp.example.org",
        "eduPersonPrincipalName": "student1@idp.example.org",
        "cn": "Steven Paul Jobs",
        "givenName": "Steve",
        "sn": "Jobs",
        "displayName": "Steve Jobs",
        "mail": "steve.jobs@idp.example.org",
        "eduPersonAffiliation": [
          "member"
        ],
        "eduPersonScopedAffiliation": [
          "member@idp.example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },      
Martin van Es's avatar
WIP    
Martin van Es committed
386
      "account12": {
387
        "explanation": "<b>Incorrect scoping of attributes</b><br/>In this case the instutition has multiple scopes in use (both .org and .edu). However, an assertion should only use scopes consistent with the md:scope element expressed in the IdP metadata. You should test this. Depending on your service provider software (e.g. Shibboleth), you may note incorrectly scoped attributes are filtered out already. Check you logs to confirm this.",
388
        "display": "Test: Incorrect scoping",
Martin van Es's avatar
WIP    
Martin van Es committed
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
        "uid": [
          "isaac"
        ],
        "schacHomeOrganization": "university-example.org",
        "eduPersonPrincipalName": "isaac@university-example.edu",
        "cn": "Sir Isaac Newton",
        "givenName": "Isaac",
        "sn": "Newton",
        "displayName": "Isaac Newton",
        "mail": [
          "isaacnewton@university-example.org",
          "newton@university-example.org"
        ],
        "eduPersonScopedAffiliation": [
          "employee@huniversity-example.org",
          "faculty@university-example.org",
405
          "member@university-example.edu"
Martin van Es's avatar
WIP    
Martin van Es committed
406
407
408
409
410
        ],
        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
      "account13": {
411
        "explanation": "<b>Invalid email address</b><br/> Note that eduPersonPrincipleName (ePPN) is NOT an email adress, so having multiple @ signs is allowed there.",
412
        "display": "Test: invalid email adress",
Martin van Es's avatar
WIP    
Martin van Es committed
413
414
415
416
        "uid": [
          "oburton"
        ],
        "schacHomeOrganization": "university-example.org",
417
        "eduPersonPrincipalName": "ob@chemistry@university-example.org",
Martin van Es's avatar
WIP    
Martin van Es committed
418
419
420
421
        "cn": "Oscar Burton",
        "givenName": "Oscar",
        "sn": "Burton",
        "displayName": "Oscar Burton",
422
        "mail": "ob@chemistry@university-example.org",
Martin van Es's avatar
WIP    
Martin van Es committed
423
424
425
426
427
428
429
430
431
432
433
434
435
        "eduPersonAffiliation": [
          "employee",
          "member",
          "staff"
        ],
        "eduPersonScopedAffiliation": [
          "employee@huniversity-example.org",
          "staff@university-example.org",
          "member@university-example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
      "account16": {
436
        "explanation": "<b>No human-readable ePPN</b><br/>The eduPersonPrincipleName is intended as an identifier, but not perse something one should represent to a user. Be aware the value might not contain a human readable value, as is the case in this profile.",
437
        "display": "Test: No human-readable ePPN",
Martin van Es's avatar
WIP    
Martin van Es committed
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
        "uid": [
          "FyHah7$J"
        ],
        "schacHomeOrganization": "idp.example.org",
        "eduPersonPrincipalName": "FyHah7$J@idp.example.org",
        "cn": "William Henry Gates III",
        "givenName": "Bill",
        "sn": "Gates",
        "displayName": "Bill Gates",
        "mail": "bill.gates@example.org",
        "eduPersonAffiliation": [
          "student",
          "member"
        ],
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
      "account17": {
459
460
        "explanation": "<b>Blank attribute values</b><br/>Sending empty attribute values is uncommon, but not disallowed. This profile has empty 'surename' and 'giveName' attributes. The displayname is not empty, however it contains only spaces. Not very useful, but again not technically incorrect.",
        "display": "Test: Empty attributes",
Martin van Es's avatar
WIP    
Martin van Es committed
461
462
463
464
465
466
        "uid": [
          "m_faraday"
        ],
        "schacHomeOrganization": "idp.example.org",
        "eduPersonPrincipalName": "m_faraday@idp.example.org",
        "givenName": "",
467
468
        "sn": "",
        "displayName": "  ",
Martin van Es's avatar
WIP    
Martin van Es committed
469
470
471
472
473
474
475
476
477
478
479
480
        "mail": "m_faraday@idp.example.org",
        "eduPersonAffiliation": [
          "member",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
      "account18": {
481
        "explanation": "<b>Inconsistant user names</b><br/>There are various fields that may hold (parts of the) user name. The values provided may not seem be consistent.",
482
        "display": "Test: Inconsistant user name",
Martin van Es's avatar
WIP    
Martin van Es committed
483
484
485
486
487
488
489
490
        "uid": [
          "viggo7"
        ],
        "schacHomeOrganization": "unidenmark-example.dk",
        "eduPersonPrincipalName": "viggo7@unidenmark-example.dk",
        "cn": "Christian Godfried Viggo Lind",
        "givenName": "Godfried",
        "sn": "Viggo",
491
        "displayName": "Viggo-Lind, G.",
Martin van Es's avatar
WIP    
Martin van Es committed
492
493
494
495
496
497
498
499
        "mail": "Godfried.Viggo@unidenmark-example.dk",
        "eduPersonAffiliation": "student",
        "eduPersonScopedAffiliation": [
          "student@unidenmark-example.dk"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
      "account19": {
500
        "explanation": "<b>Non-ASCII UTF-8 values</b><br/>As identity federation is a global endever, you may encounter attribute values with non UTF-8 characters",
501
        "display": "Non-ASCII UTF-8 values (1)",
Martin van Es's avatar
WIP    
Martin van Es committed
502
503
504
505
506
507
508
509
        "uid": [
          "U3342109"
        ],
        "schacHomeOrganization": "exchange-example.edu",
        "eduPersonPrincipalName": "U3342109@exchange-example.edu",
        "cn": "Daisuke Takahashi, 髙橋 大輔",
        "givenName": "Daisuke",
        "sn": "Takahashi",
510
        "displayName": "髙橋 大輔 (Takahashi, D.)",
Martin van Es's avatar
WIP    
Martin van Es committed
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
        "mail": "U3342109@exchange-example.edu",
        "eduPersonAffiliation": [
          "member",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "member@exchange-example.edu",
          "student@exchange-example.edu"
        ],
        "isMemberOf": [
          "urn:collab:org:exchange-university.org",
          "urn:collab:org:home-university.org"
        ]
      },
      "account20": {
526
        "explanation": "<b>Diacritical characters</b><br/>As identity federation is a global endever, you may encounter attribute values with diacritical characters",
527
        "display": "Test: Diacritical characters",
Martin van Es's avatar
WIP    
Martin van Es committed
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
        "uid": [
          "jorgensen"
        ],
        "schacHomeOrganization": "stockholmuni-example.se",
        "eduPersonPrincipalName": "jorgensen@stockholmuni-example.se",
        "cn": "Martin Nikolaus Jørgensen",
        "givenName": "Martin",
        "sn": "Jørgensen",
        "displayName": "Martin N. Jørgensen",
        "mail": "jorgensen07@stockholmuni-example.se",
        "eduPersonAffiliation": [
          "member",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "member@stockholmuni-example.se",
          "student@stockholmuni-example.se"
        ],
        "isMemberOf": "urn:collab:org:sunet-example.se"
      }
    }
549
550
551
552
553
  },
  "Experimental profiles": {
    "message": "The experimental profiles section contains profiles which are currenlty under development or are being standerdized.",
    "profiles": {
      "account9": {
554
        "explanation": "<b>REFEDs - Personalized</b><br/>An example implementatin of the REFEDS Personalized Authorization Entity Category attribute bundle. See <a href='https://edu.nl/994m3'>https://edu.nl/994m3</a> for more information.",
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
        "display": "REFEDs - Personalized",
        "uid": [
          "jstiglitz"
        ],
	    "subject-id": "jstiglitz",
        "schacHomeOrganization": "harvard-example.edu",
        "cn": "Joseph Eugene Stiglitz",
        "givenName": "Joseph",
        "sn": "Stiglitz",
        "displayName": "Joseph Stiglitz",
        "mail": "stiglitz@harvard-example.edu",
        "eduPersonScopedAffiliation": [
          "employee@harvard-example.edu",
          "faculty@harvard-example.edu",
          "member@harvard-example.edu"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]        
      }
    }
Martin van Es's avatar
WIP    
Martin van Es committed
581
  }
Martin van Es's avatar
WIP  
Martin van Es committed
582
}