Commit ae08686d authored by Niels van Dijk's avatar Niels van Dijk
Browse files

Updated Cappuchino proifiles so to remove duplicate name. Reordered assurance...

Updated Cappuchino proifiles so to remove duplicate name. Reordered assurance profiles. Fixed issue with account number for experimental profile. Renumberd accountids to prevent future collisions.
parent 732be20e
......@@ -2,7 +2,7 @@
"Generic attribute profile": {
"message": "This generic attributes profile many of the attributes that are in use within R&E identity federations. Note however it is unlikely you need all of these. In most cases, you should request a more specific attribute set which can be tested with the other profiles provided.",
"profiles": {
"account9": {
"account0": {
"explanation": "<b>A verbose set of attributes</b><br/>You can select individual attributes below to make the profile information more specific.",
"display": "A verbose set of attributes",
"uid": [
......@@ -151,25 +151,9 @@
"https://refeds.org/assurance/IAP/medium"
]
},
"account102": {
"explanation": "<b>no ePPN reassign</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes. Using the assurance profile, it is indicated the ePPN is not reassigned.",
"display": "no ePPN reassign",
"eduPersonPrincipalName": "g_ohm@idp.example.org",
"givenName": "Georg",
"sn": "Ohm",
"mail": "georg.ohm@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/eppn-unique-no-reassign",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account103": {
"explanation": "<b>Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. The assurance profile is again 'Cappuccino'.",
"display": "Cappuccino",
"explanation": "<b>Another Cappuccino</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. The assurance profile is again 'Cappuccino'.",
"display": "Another Cappuccino",
"eduPersonPrincipalName": "jweeler@idp.example.org",
"givenName": "Joseph",
"sn": "Weeler",
......@@ -187,29 +171,6 @@
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account104": {
"explanation": "<b>ePPN reassign</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The latter is also indicated in teh assurance profile.",
"display": "ePPN reassign",
"eduPersonPrincipalName": "awest@idp.example.org",
"eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
"givenName": "Anthony",
"sn": "West",
"displayName": "Anthony West",
"mail": "anthony.west@idp.example.org",
"eduPersonScopedAffiliation": [
"member@idp.example.org",
"employee@idp.example.org",
"faculty@idp.example.org"
],
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/eppn-unique-reassign-1y",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account105": {
"explanation": "<b>Espresso</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The assurance profile matches 'Espresso', indicating a high quality of identity proofing.",
"display": "Espresso",
......@@ -245,6 +206,45 @@
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account102": {
"explanation": "<b>no ePPN reassign</b></br>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in seperate 'surname' and 'givenname' attributes. Using the assurance profile, it is indicated the ePPN is not reassigned.",
"display": "no ePPN reassign",
"eduPersonPrincipalName": "g_ohm@idp.example.org",
"givenName": "Georg",
"sn": "Ohm",
"mail": "georg.ohm@idp.example.org",
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/eppn-unique-no-reassign",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account104": {
"explanation": "<b>ePPN reassign</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided as 'displayname' and as seperate 'surname' and 'givenname' attributes. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. The latter is also indicated in teh assurance profile.",
"display": "ePPN reassign",
"eduPersonPrincipalName": "awest@idp.example.org",
"eduPersonTargetedID": "bd09168cf0c2e675b2def0ade6f50b7d4bb4aae",
"givenName": "Anthony",
"sn": "West",
"displayName": "Anthony West",
"mail": "anthony.west@idp.example.org",
"eduPersonScopedAffiliation": [
"member@idp.example.org",
"employee@idp.example.org",
"faculty@idp.example.org"
],
"eduPersonAssurance": [
"https://refeds.org/assurance",
"https://refeds.org/assurance/ID/eppn-unique-reassign-1y",
"https://refeds.org/assurance/ID/unique",
"https://refeds.org/assurance/IAP/low",
"https://refeds.org/assurance/IAP/medium",
"https://refeds.org/assurance/ATP/ePA-1m"
]
},
"account107": {
"explanation": "<b>Local Enterprise'</b><br/>This profile provides a R&S compatible attribute bundle with the name of the user name being provided in the displayname attribute. Please note the usage of both 'eduPersonPrincipalName' (ePPN) as well as 'eduPersonTargetedID' (ePTID) which suggest the 'eduPersonPrincipalName' may not be a stable identifier, but may be reassigned at some point. In addition the users affiliations are provided in the 'eduPersonScopedAffiliation' attribute. In addition, the assurance profile signals the identity proofing and credential issuance, renewal and replacement are done in a way that qualifies (or would qualify) the user to access the Home Organisation’s internal administrative systems",
"display": "'Local Enterprise'",
......@@ -307,7 +307,7 @@
"Behaviour tests": {
"message": "This is the behaviour tests Section.<br>These tests offer a range of scenarios you could encounter when engaging with identity federations 'in the wild'. Use these tests to confirm compatilbility with various attribute useage scenrios and various values of attributes which may be delivered to your Service.",
"profiles": {
"account10": {
"account210": {
"explanation": "<b>Multi-valued mail attribute</b><br>The email attribute is multi valued, so you may recieve more then one of them. It is up to you to decide how to handle that.",
"display": "Test: Multi-valued mail attribute",
"uid": [
......@@ -336,7 +336,7 @@
"eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account11": {
"account211": {
"explanation": "<b>No member affiliation</b><br/>. Even though this profile is asserted by the institutional identity provider, this user is not considered to be a member (so not student, nor factuly or staff) of the institution.<br>You can (and should) use the value of eduPersonAffiliation or eduPersonScopedAffiliation to evaluate this",
"display": "Test: No a member",
"uid": [
......@@ -362,7 +362,7 @@
"eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account15": {
"account215": {
"explanation": "<b>Member only</b><br/>In this profile you can only learn about the fact that this user is a member of the institution, but not what the affilation is. This is a very common default setting",
"display": "Test: Member affiliation only",
"uid": [
......@@ -383,7 +383,7 @@
],
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account12": {
"account212": {
"explanation": "<b>Incorrect scoping of attributes</b><br/>In this case the instutition has multiple scopes in use (both .org and .edu). However, an assertion should only use scopes consistent with the md:scope element expressed in the IdP metadata. You should test this. Depending on your service provider software (e.g. Shibboleth), you may note incorrectly scoped attributes are filtered out already. Check you logs to confirm this.",
"display": "Test: Incorrect scoping",
"uid": [
......@@ -407,7 +407,7 @@
"eduPersonEntitlement": "urn:mace:dir:entitlement:common-lib-terms-example",
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account13": {
"account213": {
"explanation": "<b>Invalid email address</b><br/> Note that eduPersonPrincipleName (ePPN) is NOT an email adress, so having multiple @ signs is allowed there.",
"display": "Test: invalid email adress",
"uid": [
......@@ -432,7 +432,7 @@
],
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account16": {
"account216": {
"explanation": "<b>No human-readable ePPN</b><br/>The eduPersonPrincipleName is intended as an identifier, but not perse something one should represent to a user. Be aware the value might not contain a human readable value, as is the case in this profile.",
"display": "Test: No human-readable ePPN",
"uid": [
......@@ -455,7 +455,7 @@
],
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account17": {
"account217": {
"explanation": "<b>Blank attribute values</b><br/>Sending empty attribute values is uncommon, but not disallowed. This profile has empty 'surename' and 'giveName' attributes. The displayname is not empty, however it contains only spaces. Not very useful, but again not technically incorrect.",
"display": "Test: Empty attributes",
"uid": [
......@@ -477,7 +477,7 @@
],
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account18": {
"account218": {
"explanation": "<b>Inconsistant user names</b><br/>There are various fields that may hold (parts of the) user name. The values provided may not seem be consistent.",
"display": "Test: Inconsistant user name",
"uid": [
......@@ -496,7 +496,7 @@
],
"isMemberOf": "urn:collab:org:aarc-project.eu"
},
"account19": {
"account219": {
"explanation": "<b>Non-ASCII UTF-8 values</b><br/>As identity federation is a global endever, you may encounter attribute values with non UTF-8 characters",
"display": "Non-ASCII UTF-8 values (1)",
"uid": [
......@@ -522,7 +522,7 @@
"urn:collab:org:home-university.org"
]
},
"account20": {
"account220": {
"explanation": "<b>Diacritical characters</b><br/>As identity federation is a global endever, you may encounter attribute values with diacritical characters",
"display": "Test: Diacritical characters",
"uid": [
......@@ -550,8 +550,8 @@
"Experimental profiles": {
"message": "The experimental profiles section contains profiles which are currenlty under development or are being standerdized.",
"profiles": {
"account9": {
"explanation": "<b>REFEDs - Personalized</b><br/>An example implementatin of the REFEDS Personalized Authorization Entity Category attribute bundle. See <a href='https://edu.nl/994m3'>https://edu.nl/994m3</a> for more information.",
"account900": {
"explanation": "<b>REFEDs - Personalized</b><br/>An example implementatin of the REFEDS Personalized Authorization Entity Category attribute bundle. For more information see <a href='https://edu.nl/994m3' target='_blank'>https://edu.nl/994m3</a>",
"display": "REFEDs - Personalized",
"uid": [
"jstiglitz"
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment