Commit 28dc1dc7 authored by Niels van Dijk's avatar Niels van Dijk
Browse files

Added RAF section and new user profiles with v

arios RAF compatible expressions for eduPersonAssurance
parent 74aeb49a
...@@ -28,7 +28,14 @@ ...@@ -28,7 +28,14 @@
"faculty@harvard-example.edu", "faculty@harvard-example.edu",
"member@harvard-example.edu" "member@harvard-example.edu"
], ],
"isMemberOf": "urn:collab:org:aarc-project.eu" "isMemberOf": "urn:collab:org:aarc-project.eu",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m",
]
} }
} }
}, },
...@@ -126,8 +133,177 @@ ...@@ -126,8 +133,177 @@
} }
} }
}, },
"REFEDs Assurance Framework profiles": {
"message": "The REFEDs Assurance Framework profiles section contains a number of profile with a basic set of attributes a presented in the R&S Section, but now complemented with assurance information expressed in accordance with the REFEDs Assurance Framework.",
"profiles": {
"account101": {
"explanation": "<b>Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute and assurance profile 'Cappuccino'",
"display": "Cappuccino",
"eduPersonPrincipalName": "jrockefeller@idp.example.org",
"displayName": "John D. Rockefeller",
"mail": "John.D.Rockefeller@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium"
]
},
"account102": {
"explanation": "<b>no ePPN reassign</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes. Using the assurance profile, it is indicated the ePPN is not reassigned.",
"display": "no ePPN reassign",
"eduPersonPrincipalName": "g_ohm@idp.example.org",
"givenName": "Georg",
"sn": "Ohm",
"mail": "georg.ohm@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/eppn-unique-no-reassign",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account103": {
"explanation": "<b>Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. The assurance profile is again 'Cappuccino'.",
"display": "Cappuccino",
"eduPersonPrincipalName": "jweeler@idp.example.org",
"givenName": "Joseph",
"sn": "Weeler",
"displayName": "Joseph Weeler",
"mail": "joseph.weeler@idp.example.org",
"eduPersonScopedAffiliation": [
"member@idp.example.org",
"student@idp.example.org"
],
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account104": {
"explanation": "<b>ePPN reassign</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The latter is also indicated in teh assurance profile.",
"display": "ePPN reassign",
"eduPersonPrincipalName": "awest@idp.example.org",
"eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
"givenName": "Anthony",
"sn": "West",
"displayName": "Anthony West",
"mail": "anthony.west@idp.example.org",
"eduPersonScopedAffiliation": [
"member@idp.example.org",
"employee@idp.example.org",
"faculty@idp.example.org"
],
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/eppn-unique-reassign-1y",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account105": {
"explanation": "<b>Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The assurance profile matches 'Espresso', indicating a high quality of identity proofing.",
"display": "Espresso",
"eduPersonPrincipalName": "bbernanke@idp.example.org",
"eduPersonTargetedId": "29638715@idp.example.org",
"displayName": "Ben Bernanke",
"mail": "bbernanke@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/IAP/high",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account106": {
"explanation": "<b>Beyond Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' (ePPN) may not be a stable identifier, but may be reassigned at some point. The assurance profile has all element of 'Espresso' and some additional statements",
"display": "Beyond Espresso",
"eduPersonPrincipalName": "agreenspan@idp.example.org",
"eduPersonTargetedId": "agreenspan@idp.example.org",
"givenName": "Alan",
"sn": "Greenspan",
"mail": "agreenspan6@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/ID/eppn-unique-no-reassign",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/IAP/high",
"https://refeds.org/assurance/IAP/local-enterprise",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account107": {
"explanation": "<b>Local Enterprise'</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. In addition, the assurance profile signals the identity proofing and credential issuance, renewal and replacement are done in a way that qualifies (or would qualify) the user to access the Home Organisation’s internal administrative systems",
"display": "'Local Enterprise'",
"eduPersonPrincipalName": "am_ampere@idp.example.org",
"eduPersonTargetedId": "am_ampere@idp.example.org",
"displayName": "André-Marie Ampère",
"mail": "am_ampere@idp.example.org",
"eduPersonScopedAffiliation": [
"employee@idp.example.org",
"staff@idp.example.org",
"member@idp.example.org",
"student@idp.example.org"
],
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/IAP/high",
"https://refeds.org/assurance/IAP/local-enterprise",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account108": {
"explanation": "<b>One Day Fly</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as seperate 'surname' and 'givenname' attributes.Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. As indicated by the assurance profile, the eduPersonScopedAffiliation reflect user’s departure within one days time",
"display": "One Day Fly",
"eduPersonPrincipalName": "w_rontgen@idp.example.org",
"eduPersonTargetedId": "w_rontgen@idp.example.org",
"givenName": "Wilhelm",
"sn": "Röntgen",
"mail": "w_rontgen@idp.example.org",
"eduPersonScopedAffiliation": [
"employee@idp.example.org",
"staff@idp.example.org",
"member@idp.example.org",
"student@idp.example.org"
],
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/IAP/high",
"https://refeds.org/assurance/ATP/ePA-1d"
]
},
"account109": {
"explanation": "<b>Self Asserted</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the 'displayname' attribute. The assurance profile indicated the credentials my be self asserted by the user.",
"display": "Self Asserted",
"eduPersonPrincipalName": "jrockefeller@idp.example.org",
"displayName": "John D. Rockefeller",
"mail": "John.D.Rockefeller@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/IAP/low"
]
},
}
},
"Behaviour tests": { "Behaviour tests": {
"message": "This is the beahaviour tests Section.<br>These tests offer a range of scenarios you could encounter when engaing with identity federations 'in the wild'. Use these tests to confirm compatilbility with various attribute useage scenrios and various values of attributes which may be delivered to your Service.", "message": "This is the behaviour tests Section.<br>These tests offer a range of scenarios you could encounter when engaging with identity federations 'in the wild'. Use these tests to confirm compatilbility with various attribute useage scenrios and various values of attributes which may be delivered to your Service.",
"profiles": { "profiles": {
"account10": { "account10": {
"explanation": "<b>Multi-valued mail attribute</b><br>The email attribute is multi valued, so you may recieve more then one of them. It is up to you to decide how to handle that.", "explanation": "<b>Multi-valued mail attribute</b><br>The email attribute is multi valued, so you may recieve more then one of them. It is up to you to decide how to handle that.",
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment