...

Name: Entitlement
Description: This attribute describes the entitlements of this user.
SAML Attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.7 (eduPersonEntitlement)
OIDC claim(s): eduperson_entitlement
OIDC claim location: The claim is available in:

ID token
Userinfo endpoint
☐ Introspection endpoint

OIDC scope: eduperson_entitlement
Origin: Entitlements are based either on VO and group membership in MyAcademicID or derived from entitlements provided by the user's Identity Provider.
Changes: Yes
Multiplicity: Multi-valued
Availability: Optional
Example:
  • urn:geant:myacademicid.org:geant.org:ewp:admin

This is an example of a user registered in MyAcademicID who is an EWP Admin for geant.org.

Notes:

Organization

Name: Organization
Description: This attribute describes the organization of this user.
SAML Attribute(s): urn:oid:1.3.6.1.4.1.25178.1.2.9 (schacHomeOrganization)
OIDC claim(s): schac_home_organization
OIDC claim location: The claim is available in:

ID token
Userinfo endpoint
☐ Introspection endpoint

OIDC scope: schac_home_organization
Origin: Provided by the user's Identity Provider.
Changes: Yes
Multiplicity: Single-valued
Availability: Optional
Example:

geant.org

Notes:

European Student Identifier

Name: ESI
Description: The European Student Identifier of the user (see European Student Identifier)
SAML Attribute(s): urn:oid:1.3.6.1.4.1.25178.1.2.14 (schacPersonalUniqueCode)
OIDC claim(s): schac_personal_unique_code
OIDC claim location: The claim is available in:

ID token
Userinfo endpoint
☐ Introspection endpoint

OIDC scope: schac_personal_unique_code
Origin: Provided by the user's Identity Provider.
Changes: Yes
Multiplicity: Multi-valued
Availability: Optional
Example:

urn:schac:personalUniqueCode:int:esi:HR:xxxxxxxxxx

urn:schac:personalUniqueCode:int:esi:example.edu:xxxxxxxxxx

Notes:
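
A relying party that consumes the Entitlement and ESI claims described above has to handle claims that are optional and multi-valued, and should compare entitlements as whole values. The following is an added example, not MyAcademicID's own code; the function names, the sample values and the ESI pattern (inferred from the two example values on this page) are assumptions.

```python
import re

# Assumption: ESI layout inferred from the page's two example values:
# fixed prefix, a scope (country code or domain), then the student code.
ESI_RE = re.compile(
    r"^urn:schac:personalUniqueCode:int:esi:(?P<scope>[^:]+):(?P<code>.+)$"
)

def as_list(value):
    """Normalise a claim that may be absent, a bare string, or a list."""
    if value is None:
        return []
    if isinstance(value, str):
        return [value]
    return [v for v in value if isinstance(v, str)]

def has_entitlement(claims, required):
    """Whole-value comparison only; prefixes and substrings never match."""
    return required in as_list(claims.get("eduperson_entitlement"))

def parse_esi(claims):
    """Return (scope, code) for each well-formed ESI; skip other values."""
    found = []
    for value in as_list(claims.get("schac_personal_unique_code")):
        match = ESI_RE.match(value.strip())
        if match:
            found.append((match.group("scope"), match.group("code")))
    return found

def esi_for_scope(claims, scope):
    """The single ESI issued under `scope`, or None if absent or ambiguous."""
    codes = {code for s, code in parse_esi(claims) if s == scope}
    return codes.pop() if len(codes) == 1 else None

# Constructed userinfo response (sample values, not real identifiers).
SAMPLE = {
    "eduperson_entitlement": ["urn:geant:myacademicid.org:geant.org:ewp:admin"],
    "schac_home_organization": "geant.org",
    "schac_personal_unique_code": [
        "urn:schac:personalUniqueCode:int:esi:HR:0000000001",
        "urn:schac:personalUniqueCode:int:esi:example.edu:S-12345",
        "urn:schac:personalUniqueCode:xx:constructed:123",  # not an ESI
    ],
}

if __name__ == "__main__":
    print(has_entitlement(SAMPLE, "urn:geant:myacademicid.org:geant.org:ewp:admin"))
    print(parse_esi(SAMPLE))
    print(esi_for_scope(SAMPLE, "example.edu"))
```

Because all three claims are optional, an empty claim set yields no entitlement and no ESI rather than an error, so access decisions default to deny.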

Assurance

Name: Assurance

Description:

Assurance of the identity of the user, following the REFEDS Assurance Framework (RAF).

The following RAF values are qualified and automatically set for all MyAcademic identities:

  • https://refeds
  • https://refeds/ID/unique
  • https://refeds/ID/eppn-unique-no-reassign
  • https://refeds/IAP/low

The following RAF values are set if the currently used authentication provider asserts them (or otherwise qualifies for them):

  • https://refeds/IAP/medium
  • https://refeds/IAP/high

The following compound profiles are asserted if the user qualifies for them - Experimental

  • https://refeds/profile/cappuccino
  • https://refeds/profile/espresso

Assurance of the identity of the user, following AARC-G021 - Experimental

Users logging in via non-institutional Identity Providers (e.g. Google, ORCID) will have the following assurance value:

  • https://aarc-project.eu/policy/authn-assurance/assam

Assurance of the identity of the user, MyAcademicID specific - Experimental

Users logging in via non-institutional Identity Providers (e.g. Google) will have the following assurance values:

  • https://eduteams.org/assurance/IDP/rs-sirtfi
  • http://refeds.org/category/research-and-scholarship
  • https://refeds.org/sirtfi

SAML Attribute(s): urn:oid:1.3.6.1.4.1.5923.1.1.1.11 (eduPersonAssurance)
OIDC claim(s): eduperson_assurance
OIDC claim location: The claim is available in:

ID token
Userinfo endpoint
☐ Introspection endpoint

OIDC scope: eduperson_assurance
Origin:

MyAcademicID is the origin for values it has set (see description).

The current authentication provider is the origin for the values it asserts (or otherwise qualifies for).

Changes: Yes
Multiplicity: Multi-valued
Availability: Mandatory
Example:
  • https://refeds
  • https://refeds/ID/unique
  • https://refeds/ID/eppn-unique-no-reassign
  • https://refeds/IAP/low
  • https://refeds/ATP/ePA-1m
  • https://refeds/ATP/ePA-1d
Notes: This attribute defines just the identity assurance. Authentication assurance is described using authentication contexts (SAML authentication context or OIDC acr claim).

...