[Tf-aai] Email template for getting attributes released
Martin Matthiesen
martin.matthiesen at csc.fi
Fri May 13 15:50:39 CEST 2016
Hi Jozef,
I'd say the recommended list of the code of conduct / eduGAIN attribute profile:
"c.f. the eduGAIN attribute profile recommends Home Organisations to populate the following attributes: displayName, cn, mail, eduPersonAffiliation, eduPersonScopedAffiliation, eduPersonPrincipalName, SAML2 Persistent NameID (eduPersonTargetedID), schacHomeOrganization and schacHomeOrganizationType"
See https://wiki.edugain.org/Recipe_for_a_Home_Organisation Item 2, last point.
This is a meaningful maximum set in my view: I would argue that eppn/mail are the "most sensitive" attributes and since mail often contains "name"-information and the eppn contains the HomeOrganization-info they should be all fine as a set. This set is the one I'd like to see in lbr.csc.fi to really have some confidence that I can identify a user properly.
Martin
--
Martin Matthiesen
CSC - Tieteen tietotekniikan keskus
CSC - IT Center for Science
PL 405, 02101 Espoo, Finland
+358 9 457 2376, martin.matthiesen at csc.fi
Public key : https://pgp.mit.edu/pks/lookup?op=get&search=0x74B12876FD890704
Fingerprint: AA25 6F56 5C9A 8B42 009F BA70 74B1 2876 FD89 0704
----- Original Message -----
> From: "Jozef Misutka" <misutka at ufal.mff.cuni.cz>
> To: "tf-aai" <tf-aai at lists.clarin.eu>, spf at clarin.eu
> Sent: Friday, 13 May, 2016 16:00:35
> Subject: [Tf-aai] Email template for getting attributes released
> Dear all,
>
> please, help us create a template for asking IdPs to release attributes to
> CLARIN SPF SPs.
>
> Comment or directly edit it here
> https://docs.google.com/document/d/1jZRACcsIBGT7dLi48F_sRrEPiQzKuCF6v9259DQyH-0/edit?usp=sharing
>
> For the moment, I see one problem namely what should the IdP operator
> release to all SPF SPs in other words what is the minimal set we require?
>
> Best,
> Jozef
>
>
> [Text File:ATT00001]
More information about the Tf-aai
mailing list