...
Name | Entitlement |
---|---|
Description | This attribute describes the entitlements of this user. |
SAML Attribute(s) | urn:oid:1.3.6.1.4.1.5923.1.1.1.7 (eduPersonEntitlement) |
OIDC claim(s) | eduperson_entitlement |
OIDC claim location | The claim is available in: ☐ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | eduperson_entitlement |
Origin | Entitlements are based either on VO and group membership in MyAcademicID or derived from entitlements provided by the user's Identity Provider. |
Changes | Yes |
Multiplicity | Multi-valued |
Availability | Optional |
Example |
This is an example of a user who is registered in MyAcademicID and who is an EWP Admin for geant.org
Notes |
Organization
Name | Organization |
---|---|
Description | This attribute describes the organization of this user. |
SAML Attribute(s) | urn:oid:1.3.6.1.4.1.25178.1.2.9 (schacHomeOrganization) |
OIDC claim(s) | schac_home_organization |
OIDC claim location | The claim is available in: ☐ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | schac_home_organization |
Origin | Provided by the user's Identity Provider. |
Changes | Yes |
Multiplicity | Single-valued |
Availability | Optional |
Example |
|
Notes |
European Student Identifier
Name | ESI |
---|---|
Description | The European Student Identifier of the user (see European Student Identifier) |
SAML Attribute(s) | urn:oid:1.3.6.1.4.1.25178.1.2.14 (schacPersonalUniqueCode) |
OIDC claim(s) | schac_personal_unique_code |
OIDC claim location | The claim is available in: ☐ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | schac_personal_unique_code |
Origin | Provided by the user's Identity Provider. |
Changes | Yes |
Multiplicity | Multi-valued |
Availability | Optional |
Example |
|
Notes |
Assurance
Name | Assurance |
---|---|
Description | Assurance of the identity of the user, following the REFEDS Assurance Framework (RAF). The following RAF values are qualified and automatically set for all MyAcademicID identities:
The following RAF values are set if the currently used authentication provider asserts them (or otherwise qualifies for them):
The following compound profiles are asserted if the user qualifies for them - Experimental
Assurance of the identity of the user, following AARC-G021 - Experimental. Users logging in via non-institutional Identity Providers (e.g. Google, ORCID) will have the following assurance value:
Assurance of the identity of the user, MyAcademicID specific - Experimental. Users logging in via non-institutional Identity Providers (e.g. Google) will have the following assurance values:
|
SAML Attribute(s) | urn:oid:1.3.6.1.4.1.5923.1.1.1.11 (eduPersonAssurance) |
OIDC claim(s) | eduperson_assurance |
OIDC claim location | The claim is available in: ☐ ID token ☑ Userinfo endpoint ☐ Introspection endpoint |
OIDC scope | eduperson_assurance |
Origin | MyAcademicID is the origin for the values it has set (see description). The current authentication provider is the origin for the values it asserts (or otherwise qualifies for). |
Changes | Yes |
Multiplicity | Multi-valued |
Availability | Mandatory |
Example |
|
Notes | This attribute defines just the identity assurance. Authentication assurance is described using authentication contexts (SAML authentication context or OIDC acr claim). |
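
An added example (not MyAcademicID's own code) of how a relying party might check a decoded userinfo response against the multiplicity and availability stated in the tables above. The function name, the sample values and the tolerance for a multi-valued claim arriving as a bare string are assumptions.

```python
# Added example: claim names, multiplicity and availability come from the
# tables above; the sample values below are constructed placeholders.
CLAIM_SPEC = {
    # claim name: (multi_valued, mandatory)
    "eduperson_entitlement":      (True,  False),
    "schac_home_organization":    (False, False),
    "schac_personal_unique_code": (True,  False),
    "eduperson_assurance":        (True,  True),
}


def normalize_userinfo(userinfo):
    """Return (attrs, errors) for a decoded userinfo response (a dict)."""
    attrs, errors = {}, []
    for claim, (multi, mandatory) in CLAIM_SPEC.items():
        value = userinfo.get(claim)
        if value in (None, [], ""):
            if mandatory:
                errors.append(f"{claim}: mandatory claim missing")
            continue  # optional claims may legitimately be absent
        values = value if isinstance(value, list) else [value]
        if not all(isinstance(v, str) and v.strip() for v in values):
            errors.append(f"{claim}: values must be non-empty strings")
            continue
        if multi:
            attrs[claim] = values
        elif len(values) == 1:
            attrs[claim] = values[0]
        else:
            # Silently picking one of several home organizations would let an
            # unexpected value drive authorization, so reject instead.
            errors.append(f"{claim}: single-valued claim has {len(values)} values")
    return attrs, errors


# Constructed sample input (not real MyAcademicID output).
SAMPLE_OK = {
    "sub": "constructed-subject",
    "schac_home_organization": "example.org",
    "eduperson_entitlement": "urn:example:constructed:entitlement",
    "eduperson_assurance": ["https://example.org/assurance/constructed"],
}
SAMPLE_BAD = {
    "schac_home_organization": ["example.org", "example.net"],
}

if __name__ == "__main__":
    print(normalize_userinfo(SAMPLE_OK))
    print(normalize_userinfo(SAMPLE_BAD))
```

The check covers identity attributes only; authentication assurance still has to be read from the authentication context (the OIDC acr claim), as the note above says.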
...