
Syntax: DirectoryString (1.3.6.1.4.1.1466.115.121.1.15)

Equality: caseExactMatch


Format: <anyUri>@<scope>


<scope>: DNS domain that is associated with the issuing entity in metadata (shibmd:Scope)

<anyUri>: any valid URI.


Examples:

urn:mace:common-lib-terms@hexaa.eduid.hu

urn:geant:niif.hu:hexaa:projectfoo:bar@hexaa.eduid.hu

urn:elixir:foo:baz:bar@aa.scope.com

urn:x-perun:baz-collaboration.foo-service.bar-value@perun.org

https://cern.ch/unifocaltelescope/admin@perun.cz


urn:REGISTERED_NAMESPACE:[auth source]:{target}:{service}:{[entitlementName]}:[entitlementValue]@perun.org


urn:REGISTERED_NAMESPACE:[auth source]:student.nl:{service}:{[entitlementName]}:[entitlementValue]@perun.org


Benefits:

  • any URI can be used in the “local-part”, so existing eduPersonEntitlement values can be used as well

  • the scope can be verified using existing code in Shibboleth and SimpleSAMLphp, which can also handle multiple occurrences of the delimiter character.
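
The scope check described above, as an added example (not code from this page, Shibboleth or SimpleSAMLphp): it splits the value at the last '@', which assumes the scope is a plain DNS domain that cannot itself contain '@', and accepts the value only if that scope is registered for the issuer. The function names, `issuer_scopes`, the URI and domain patterns and the sample values marked as constructed are assumptions; regular-expression scopes in metadata are not handled.

```python
import re

# Minimal URI shape: an RFC 3986 scheme, ':' and a non-empty remainder.
URI_RE = re.compile(r"[A-Za-z][A-Za-z0-9+.\-]*:\S+")
# Conservative DNS-domain shape for the scope (assumption of this example).
SCOPE_RE = re.compile(r"(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,}")


class ScopedEntitlementError(ValueError):
    """Raised when a value is malformed or its scope is not the issuer's."""


def parse_scoped_entitlement(value):
    """Split '<anyUri>@<scope>' at the last '@' and return (uri, scope)."""
    uri, sep, scope = value.rpartition("@")
    if not sep:
        raise ScopedEntitlementError("missing '@' delimiter")
    if not URI_RE.fullmatch(uri):
        raise ScopedEntitlementError("local part is not a URI: %r" % uri)
    if not SCOPE_RE.fullmatch(scope):
        raise ScopedEntitlementError("scope is not a DNS domain: %r" % scope)
    return uri, scope


def accept_from_issuer(value, issuer_scopes):
    """Return (uri, scope) only if the scope is registered for the issuer.

    issuer_scopes: literal shibmd:Scope values from the issuer's metadata.
    Comparison is exact (case-sensitive), an assumption of this example.
    """
    uri, scope = parse_scoped_entitlement(value)
    if scope not in issuer_scopes:
        raise ScopedEntitlementError("scope %r not registered for issuer" % scope)
    return uri, scope


if __name__ == "__main__":
    hexaa_scopes = {"hexaa.eduid.hu"}  # constructed metadata for one issuer
    samples = [
        "urn:geant:niif.hu:hexaa:projectfoo:bar@hexaa.eduid.hu",  # from the page
        "mailto:admin@example.org@hexaa.eduid.hu",  # constructed: two '@'
        "https://cern.ch/unifocaltelescope/admin@perun.cz",  # other issuer's scope
        "urn:mace:common-lib-terms",  # constructed: no scope at all
    ]
    for s in samples:
        try:
            print("accepted:", accept_from_issuer(s, hexaa_scopes))
        except ScopedEntitlementError as exc:
            print("rejected:", s, "->", exc)
```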


Gotchas:

  • the whole eduPersonScopedEntitlement value is NOT a URI, because the position of the ‘@’ delimiter is reserved in RFC 2396