logins.json 30.7 KB
Newer Older
Martin van Es's avatar
WIP  
Martin van Es committed
1
{
2
    "Generic attribute profile": {
3
    "message": "This generic attributes profile many of the attributes that are in use within R&E identity federations. Note however it is unlikely you need all of these. In most cases, you should request a more specific attribute set which can be tested with the other profiles provided.",
4
    "profiles": {
5
      "account0": {
6
        "explanation": "<b>A verbose set of attributes</b><br/>You can select individual attributes below to make the profile information more specific.",
7
8
9
10
        "display": "A verbose set of attributes",
        "uid": [
          "jstiglitz"
        ],
11
12
	    "pairwise-id": "jstiglitz",
	    "subject-id": "jstiglitz",
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
        "eduPersonTargetedID": "bd0916qef0c2e675b2def4ahe6w50b7d4bb4aae",
        "schacHomeOrganization": "harvard-example.edu",
        "eduPersonPrincipalName": "stiglitz@harvard-example.edu",
        "cn": "Joseph Eugene Stiglitz",
        "givenName": "Joseph",
        "sn": "Stiglitz",
        "displayName": "Joseph Stiglitz",
        "mail": "stiglitz@harvard-example.edu",
        "homePhone": "+1 827 675 3232",
        "eduPersonOrcid": "http://orcid.org/0000-1111-2222-3333",
        "eduPersonAffiliation": [
          "member",
          "faculty",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "employee@harvard-example.edu",
          "faculty@harvard-example.edu",
          "member@harvard-example.edu"
        ],
33
34
35
36
37
38
        "isMemberOf": "urn:collab:org:aarc-project.eu",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
Niels van Dijk's avatar
Niels van Dijk committed
39
            "https://refeds.org/assurance/ATP/ePA-1m"
40
        ]        
41
42
43
      }
    }
  },
Martin van Es's avatar
WIP    
Martin van Es committed
44
  "Research and Scholarship": {
45
    "message": "<b>This is the Research and Scholarship (R&S) Section</b><br/>R&S has been designed as a simple and scalable way to release minimal amounts of required personal data to Service Providers serving the Research and Scholarship Community.<br/>The R&S accounts provide the various permutations of attributes you may recieve if you declare yourself an R&S service provider in eduGAIN",
Martin van Es's avatar
WIP    
Martin van Es committed
46
47
    "profiles": {
      "account1": {
48
        "explanation": "<b>R&S: displayName</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute",
49
        "display": "R&S: display name",
Martin van Es's avatar
WIP    
Martin van Es committed
50
51
52
53
54
        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
        "displayName": "John D. Rockefeller",
        "mail": "John.D.Rockefeller@idp.example.org"
      },
      "account2": {
55
        "explanation": "<b>R&S: surname + givename</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes",
56
        "display": "R&S: surname + givename",
Martin van Es's avatar
WIP    
Martin van Es committed
57
58
59
60
61
62
        "eduPersonPrincipalName": "g_ohm@idp.example.org",
        "givenName": "Georg",
        "sn": "Ohm",
        "mail": "georg.ohm@idp.example.org"
      },
      "account3": {
63
        "explanation": "<b>R&S: name and affiliation</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
64
        "display": "R&S: name and affiliation",
Martin van Es's avatar
WIP    
Martin van Es committed
65
66
67
        "eduPersonPrincipalName": "jweeler@idp.example.org",
        "givenName": "Joseph",
        "sn": "Weeler",
68
        "displayName": "Joseph Weeler",
Martin van Es's avatar
WIP    
Martin van Es committed
69
70
71
72
73
74
75
        "mail": "joseph.weeler@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ]
      },
      "account4": {
76
        "explanation": "<b>R&S: ePPN and pseudonoymous epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID)  which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
77
        "display": "R&S: ePPN and pseudonoymous epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
78
79
80
81
        "eduPersonPrincipalName": "awest@idp.example.org",
        "eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
        "givenName": "Anthony",
        "sn": "West",
82
        "displayName": "Anthony West",
Martin van Es's avatar
WIP    
Martin van Es committed
83
84
85
86
87
88
89
90
        "mail": "anthony.west@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "employee@idp.example.org",
          "faculty@idp.example.org"
        ]
      },
      "account5": {
91
        "explanation": "<b>R&S: display name, ePPN and transparent epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN)  as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point",
92
        "display": "R&S: display name, ePPN and transparent epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
93
94
95
96
97
98
        "eduPersonPrincipalName": "bbernanke@idp.example.org",
        "eduPersonTargetedId": "bbernanke@idp.example.org",
        "displayName": "Ben Bernanke",
        "mail": "bbernanke@idp.example.org"
      },
      "account6": {
99
        "explanation": "<b>R&S: surname + givename, ePPN and transparent epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' (ePPN) may not be a stable identifier, but may be reassigned at some point",
100
        "display": "R&S: surname + givename, ePPN and transparent epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
101
102
103
104
105
106
107
        "eduPersonPrincipalName": "agreenspan@idp.example.org",
        "eduPersonTargetedId": "agreenspan@idp.example.org",
        "givenName": "Alan",
        "sn": "Greenspan",
        "mail": "agreenspan6@idp.example.org"
      },
      "account7": {
108
        "explanation": "<b>R&S: surname + givename, ePPN and epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
109
        "display": "R&S: surname + givename, ePPN and epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
110
111
112
113
114
115
116
117
118
119
120
121
        "eduPersonPrincipalName": "am_ampere@idp.example.org",
        "eduPersonTargetedId": "am_ampere@idp.example.org",
        "displayName": "André-Marie Ampère",
        "mail": "am_ampere@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ]
      },
      "account8": {
122
123
        "explanation": "<b>R&S: surname + givename, ePPN and epTID identifiers</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute",
        "display": "R&S: surname + givename, ePPN and epTID identifiers",
Martin van Es's avatar
WIP    
Martin van Es committed
124
125
126
127
128
129
130
131
132
133
134
135
136
137
        "eduPersonPrincipalName": "w_rontgen@idp.example.org",
        "eduPersonTargetedId": "w_rontgen@idp.example.org",
        "givenName": "Wilhelm",
        "sn": "Röntgen",
        "mail": "w_rontgen@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ]
      }
    }
  },
138
139
140
141
142
143
144
  "REFEDs Assurance Framework profiles": {
    "message": "The REFEDs Assurance Framework profiles section contains a number of profile with a basic set of attributes a presented in the R&S Section, but now complemented with assurance information expressed in accordance with the REFEDs Assurance Framework.",
    "profiles": {
      "account101": {
        "explanation": "<b>Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute and assurance profile 'Cappuccino'",
        "display": "Cappuccino",
        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
145
        "subject-id": "jrockefeller",
146
147
148
149
        "displayName": "John D. Rockefeller",
        "mail": "John.D.Rockefeller@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
150
            "https://refeds.org/assurance/profile/cappuccino",
151
152
153
154
155
156
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium"
        ]
      },
      "account103": {
157
158
        "explanation": "<b>Another Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. The assurance profile is again 'Cappuccino'.",
        "display": "Another Cappuccino",
159
160
161
162
163
        "eduPersonPrincipalName": "jweeler@idp.example.org",
        "givenName": "Joseph",
        "sn": "Weeler",
        "displayName": "Joseph Weeler",
        "mail": "joseph.weeler@idp.example.org",
164
        "eduPersonUniqueId": "jweeler@idp.example.org",
165
166
167
168
169
170
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
171
            "https://refeds.org/assurance/profile/cappuccino",
172
173
174
175
176
177
178
179
180
181
182
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]
      },
      "account105": {
        "explanation": "<b>Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN)  as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The assurance profile matches 'Espresso', indicating a high quality of identity proofing.",
        "display": "Espresso",
        "eduPersonPrincipalName": "bbernanke@idp.example.org",
        "eduPersonTargetedId": "29638715@idp.example.org",
183
        "subject-id": "29638715",
184
185
186
187
        "displayName": "Ben Bernanke",
        "mail": "bbernanke@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
188
189
            "https://refeds.org/assurance/profile/cappuccino",
            "https://refeds.org/assurance/profile/espresso",
190
191
192
193
194
195
196
197
198
199
200
201
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",            
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]                
      },
      "account106": {
        "explanation": "<b>Beyond Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' (ePPN) may not be a stable identifier, but may be reassigned at some point. The assurance profile has all element of 'Espresso' and some additional statements",
        "display": "Beyond Espresso",
        "eduPersonPrincipalName": "agreenspan@idp.example.org",
        "eduPersonTargetedId": "agreenspan@idp.example.org",
202
   	    "pairwise-id": "agreenspan",
203
204
205
206
207
        "givenName": "Alan",
        "sn": "Greenspan",
        "mail": "agreenspan6@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
208
209
            "https://refeds.org/assurance/profile/cappuccino",
            "https://refeds.org/assurance/profile/espresso",            
210
211
212
213
214
215
216
217
218
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/ID/eppn-unique-no-reassign",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",
            "https://refeds.org/assurance/IAP/local-enterprise",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]  
      },
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
      "account102": {
        "explanation": "<b>no ePPN reassign</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes. Using the assurance profile, it is indicated the ePPN is not reassigned.",
        "display": "no ePPN reassign",
        "eduPersonPrincipalName": "g_ohm@idp.example.org",
        "givenName": "Georg",
        "sn": "Ohm",
        "mail": "georg.ohm@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/eppn-unique-no-reassign",           
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]        
      },
      "account104": {
        "explanation": "<b>ePPN reassign</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID)  which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The latter is also indicated in teh assurance profile.",
        "display": "ePPN reassign",
        "eduPersonPrincipalName": "awest@idp.example.org",
        "eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
239
        "eduPersonUniqueId": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
        "givenName": "Anthony",
        "sn": "West",
        "displayName": "Anthony West",
        "mail": "anthony.west@idp.example.org",
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "employee@idp.example.org",
          "faculty@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/eppn-unique-reassign-1y",           
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]     
      },
258
259
260
261
262
      "account107": {
        "explanation": "<b>Local Enterprise'</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. In addition, the assurance profile signals the identity proofing and credential issuance, renewal and replacement are done in a way that qualifies (or would qualify) the user to access the Home Organisation’s internal administrative systems",
        "display": "'Local Enterprise'",
        "eduPersonPrincipalName": "am_ampere@idp.example.org",
        "eduPersonTargetedId": "am_ampere@idp.example.org",
263
        "subject-id": "am_ampere@idp.example.org",
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
        "displayName": "André-Marie Ampère",
        "mail": "am_ampere@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",  
            "https://refeds.org/assurance/IAP/local-enterprise",                      
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]          
      },
      "account108": {
        "explanation": "<b>One Day Fly</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. As indicated by the assurance profile, the eduPersonScopedAffiliation reflect user’s departure within one days time",
        "display": "One Day Fly",
        "eduPersonPrincipalName": "w_rontgen@idp.example.org",
        "eduPersonTargetedId": "w_rontgen@idp.example.org",
287
        "subject-id": "w_rontgen",
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
        "givenName": "Wilhelm",
        "sn": "Röntgen",
        "mail": "w_rontgen@idp.example.org",
        "eduPersonScopedAffiliation": [
          "employee@idp.example.org",
          "staff@idp.example.org",
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/IAP/high",            
            "https://refeds.org/assurance/ATP/ePA-1d"
        ]          
      },
      "account109": {
        "explanation": "<b>Self Asserted</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute. The assurance profile indicated the credentials my be self asserted by the user.",
        "display": "Self Asserted",
        "eduPersonPrincipalName": "jrockefeller@idp.example.org",
        "displayName": "John D. Rockefeller",
        "mail": "John.D.Rockefeller@idp.example.org",
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/IAP/low"
        ]
316
      }      
317
318
    }
  },
Martin van Es's avatar
WIP    
Martin van Es committed
319
  "Behaviour tests": {
320
    "message": "This is the behaviour tests Section.<br>These tests offer a range of scenarios you could encounter when engaging with identity federations 'in the wild'. Use these tests to confirm compatilbility with various attribute useage scenrios and various values of attributes which may be delivered to your Service.",
Martin van Es's avatar
WIP    
Martin van Es committed
321
    "profiles": {
322
      "account210": {
323
324
        "explanation": "<b>Multi-valued mail attribute</b><br>The email attribute is multi valued, so you may recieve more then one of them. It is up to you to decide how to handle that.",
        "display": "Test: Multi-valued mail attribute",
Martin van Es's avatar
WIP    
Martin van Es committed
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
        "uid": [
          "belfort"
        ],
        "schacHomeOrganization": "harvard-example.edu",
        "eduPersonPrincipalName": "belfort@harvard-example.edu",
        "cn": "Jordan Ross Belfort",
        "givenName": "Jordan",
        "sn": "Belfort",
        "displayName": "Jordan R. Belfort",
        "mail": [
          "Jordan.Belfort@harvard-example.edu",
          "jordan@harvard-example.edu"
        ],
        "eduPersonAffiliation": [
          "employee",
          "faculty",
          "member"
        ],
        "eduPersonScopedAffiliation": [
          "employee@harvard-example.edu",
          "faculty@harvard-example.edu",
          "member@harvard-example.edu"
        ],
        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
351
      "account211": {
352
        "explanation": "<b>No member affiliation</b><br/>. Even though this profile is asserted by the institutional identity provider, this user is not considered to be a member (so not student, nor factuly or staff) of the institution.<br>You can (and should) use the value of eduPersonAffiliation or eduPersonScopedAffiliation to evaluate this",
353
        "display": "Test: No a member",
Martin van Es's avatar
WIP    
Martin van Es committed
354
355
356
357
358
359
360
361
362
363
        "uid": [
          "wynn"
        ],
        "schacHomeOrganization": "harvard-example.edu",
        "eduPersonPrincipalName": "wynn@harvard-example.edu",
        "cn": "Steve Alen Wynn",
        "givenName": "Steve",
        "sn": "Wynn",
        "displayName": "Steve Wynn",
        "mail": [
364
          "S.Wynn@harvard-example.edu"
Martin van Es's avatar
WIP    
Martin van Es committed
365
366
        ],
        "eduPersonAffiliation": [
367
368
          "alum", 
          "library-walk-in"
Martin van Es's avatar
WIP    
Martin van Es committed
369
370
        ],
        "eduPersonScopedAffiliation": [
371
372
          "alum@harvard-example.edu",
          "library-walk-in@harvard-example.edu"
Martin van Es's avatar
WIP    
Martin van Es committed
373
374
375
376
        ],
        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
377
      "account215": {
378
        "explanation": "<b>Member only</b><br/>In this profile you can only learn about the fact that this user is a member of the institution, but not what the affilation is. This is a very common default setting",
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
        "display": "Test: Member affiliation only",
        "uid": [
          "s_jobs"
        ],
        "schacHomeOrganization": "idp.example.org",
        "eduPersonPrincipalName": "student1@idp.example.org",
        "cn": "Steven Paul Jobs",
        "givenName": "Steve",
        "sn": "Jobs",
        "displayName": "Steve Jobs",
        "mail": "steve.jobs@idp.example.org",
        "eduPersonAffiliation": [
          "member"
        ],
        "eduPersonScopedAffiliation": [
          "member@idp.example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },      
398
      "account212": {
399
        "explanation": "<b>Incorrect scoping of attributes</b><br/>In this case the instutition has multiple scopes in use (both .org and .edu). However, an assertion should only use scopes consistent with the md:scope element expressed in the IdP metadata. You should test this. Depending on your service provider software (e.g. Shibboleth), you may note incorrectly scoped attributes are filtered out already. Check you logs to confirm this.",
400
        "display": "Test: Incorrect scoping",
Martin van Es's avatar
WIP    
Martin van Es committed
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
        "uid": [
          "isaac"
        ],
        "schacHomeOrganization": "university-example.org",
        "eduPersonPrincipalName": "isaac@university-example.edu",
        "cn": "Sir Isaac Newton",
        "givenName": "Isaac",
        "sn": "Newton",
        "displayName": "Isaac Newton",
        "mail": [
          "isaacnewton@university-example.org",
          "newton@university-example.org"
        ],
        "eduPersonScopedAffiliation": [
          "employee@huniversity-example.org",
          "faculty@university-example.org",
417
          "member@university-example.edu"
Martin van Es's avatar
WIP    
Martin van Es committed
418
419
420
421
        ],
        "eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
422
      "account213": {
423
        "explanation": "<b>Invalid email address</b><br/> Note that eduPersonPrincipleName (ePPN) is NOT an email adress, so having multiple @ signs is allowed there.",
424
        "display": "Test: invalid email adress",
Martin van Es's avatar
WIP    
Martin van Es committed
425
426
427
428
        "uid": [
          "oburton"
        ],
        "schacHomeOrganization": "university-example.org",
429
        "eduPersonPrincipalName": "ob@chemistry@university-example.org",
Martin van Es's avatar
WIP    
Martin van Es committed
430
431
432
433
        "cn": "Oscar Burton",
        "givenName": "Oscar",
        "sn": "Burton",
        "displayName": "Oscar Burton",
434
        "mail": "ob@chemistry@university-example.org",
Martin van Es's avatar
WIP    
Martin van Es committed
435
436
437
438
439
440
441
442
443
444
445
446
        "eduPersonAffiliation": [
          "employee",
          "member",
          "staff"
        ],
        "eduPersonScopedAffiliation": [
          "employee@huniversity-example.org",
          "staff@university-example.org",
          "member@university-example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
447
      "account216": {
448
        "explanation": "<b>No human-readable ePPN</b><br/>The eduPersonPrincipleName is intended as an identifier, but not perse something one should represent to a user. Be aware the value might not contain a human readable value, as is the case in this profile.",
449
        "display": "Test: No human-readable ePPN",
Martin van Es's avatar
WIP    
Martin van Es committed
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
        "uid": [
          "FyHah7$J"
        ],
        "schacHomeOrganization": "idp.example.org",
        "eduPersonPrincipalName": "FyHah7$J@idp.example.org",
        "cn": "William Henry Gates III",
        "givenName": "Bill",
        "sn": "Gates",
        "displayName": "Bill Gates",
        "mail": "bill.gates@example.org",
        "eduPersonAffiliation": [
          "student",
          "member"
        ],
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
470
      "account217": {
471
472
        "explanation": "<b>Blank attribute values</b><br/>Sending empty attribute values is uncommon, but not disallowed. This profile has empty 'surename' and 'giveName' attributes. The displayname is not empty, however it contains only spaces. Not very useful, but again not technically incorrect.",
        "display": "Test: Empty attributes",
Martin van Es's avatar
WIP    
Martin van Es committed
473
474
475
476
477
478
        "uid": [
          "m_faraday"
        ],
        "schacHomeOrganization": "idp.example.org",
        "eduPersonPrincipalName": "m_faraday@idp.example.org",
        "givenName": "",
479
480
        "sn": "",
        "displayName": "  ",
Martin van Es's avatar
WIP    
Martin van Es committed
481
482
483
484
485
486
487
488
489
490
491
        "mail": "m_faraday@idp.example.org",
        "eduPersonAffiliation": [
          "member",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "member@idp.example.org",
          "student@idp.example.org"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
492
      "account218": {
493
        "explanation": "<b>Inconsistant user names</b><br/>There are various fields that may hold (parts of the) user name. The values provided may not seem be consistent.",
494
        "display": "Test: Inconsistant user name",
Martin van Es's avatar
WIP    
Martin van Es committed
495
496
497
498
499
500
501
502
        "uid": [
          "viggo7"
        ],
        "schacHomeOrganization": "unidenmark-example.dk",
        "eduPersonPrincipalName": "viggo7@unidenmark-example.dk",
        "cn": "Christian Godfried Viggo Lind",
        "givenName": "Godfried",
        "sn": "Viggo",
503
        "displayName": "Viggo-Lind, G.",
Martin van Es's avatar
WIP    
Martin van Es committed
504
505
506
507
508
509
510
        "mail": "Godfried.Viggo@unidenmark-example.dk",
        "eduPersonAffiliation": "student",
        "eduPersonScopedAffiliation": [
          "student@unidenmark-example.dk"
        ],
        "isMemberOf": "urn:collab:org:aarc-project.eu"
      },
511
      "account219": {
512
        "explanation": "<b>Non-ASCII UTF-8 values</b><br/>As identity federation is a global endever, you may encounter attribute values with non UTF-8 characters",
513
        "display": "Non-ASCII UTF-8 values (1)",
Martin van Es's avatar
WIP    
Martin van Es committed
514
515
516
517
518
519
520
521
        "uid": [
          "U3342109"
        ],
        "schacHomeOrganization": "exchange-example.edu",
        "eduPersonPrincipalName": "U3342109@exchange-example.edu",
        "cn": "Daisuke Takahashi, 髙橋 大輔",
        "givenName": "Daisuke",
        "sn": "Takahashi",
522
        "displayName": "髙橋 大輔 (Takahashi, D.)",
Martin van Es's avatar
WIP    
Martin van Es committed
523
524
525
526
527
528
529
530
531
532
533
534
535
536
        "mail": "U3342109@exchange-example.edu",
        "eduPersonAffiliation": [
          "member",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "member@exchange-example.edu",
          "student@exchange-example.edu"
        ],
        "isMemberOf": [
          "urn:collab:org:exchange-university.org",
          "urn:collab:org:home-university.org"
        ]
      },
537
      "account220": {
538
        "explanation": "<b>Diacritical characters</b><br/>As identity federation is a global endever, you may encounter attribute values with diacritical characters",
539
        "display": "Test: Diacritical characters",
Martin van Es's avatar
WIP    
Martin van Es committed
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
        "uid": [
          "jorgensen"
        ],
        "schacHomeOrganization": "stockholmuni-example.se",
        "eduPersonPrincipalName": "jorgensen@stockholmuni-example.se",
        "cn": "Martin Nikolaus Jørgensen",
        "givenName": "Martin",
        "sn": "Jørgensen",
        "displayName": "Martin N. Jørgensen",
        "mail": "jorgensen07@stockholmuni-example.se",
        "eduPersonAffiliation": [
          "member",
          "student"
        ],
        "eduPersonScopedAffiliation": [
          "member@stockholmuni-example.se",
          "student@stockholmuni-example.se"
        ],
        "isMemberOf": "urn:collab:org:sunet-example.se"
      }
    }
561
562
563
564
  },
  "Experimental profiles": {
    "message": "The experimental profiles section contains profiles which are currenlty under development or are being standerdized.",
    "profiles": {
565
566
      "account900": {
        "explanation": "<b>REFEDs - Personalized</b><br/>An example implementatin of the REFEDS Personalized Authorization Entity Category attribute bundle. For more information see <a href='https://edu.nl/994m3' target='_blank'>https://edu.nl/994m3</a>",
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
        "display": "REFEDs - Personalized",
        "uid": [
          "jstiglitz"
        ],
	    "subject-id": "jstiglitz",
        "schacHomeOrganization": "harvard-example.edu",
        "cn": "Joseph Eugene Stiglitz",
        "givenName": "Joseph",
        "sn": "Stiglitz",
        "displayName": "Joseph Stiglitz",
        "mail": "stiglitz@harvard-example.edu",
        "eduPersonScopedAffiliation": [
          "employee@harvard-example.edu",
          "faculty@harvard-example.edu",
          "member@harvard-example.edu"
        ],
        "eduPersonAssurance": [
            "https://refeds.org/assurance",
            "https://refeds.org/assurance/ID/unique",
            "https://refeds.org/assurance/IAP/low",
            "https://refeds.org/assurance/IAP/medium",
            "https://refeds.org/assurance/ATP/ePA-1m"
        ]        
      }
    }
Martin van Es's avatar
WIP    
Martin van Es committed
592
  }
Martin van Es's avatar
WIP  
Martin van Es committed
593
}