Page History

MyAccessID and GEANT AAI Service and the services connected through MyAccessID GEANT AAI Service require to uniquely identify users. Without a unique identifier, it is not possible to distinguish two different users between each other.

As a service that supports Sirtfi, it is required that it is able to uniquely identify users.

¹ The eduPersonPrincipalName can be used only if one of the following conditions are met:

i) the IdP supports the R&S Enitity Category,

ii) the eduPersonAssurance attribute is also released and it has a value of https://refeds.org/assurance/ID/eppn-unique-no-reassign,

iii) the federation in which the IdP has registered has a policy that prohibits the reassignment of the value of the eduPersonPrincipalName attribute

pairwise-id

eduPersonPrincipalName1

eduPersonTargetedID

eduPersonUniqueId

cn

MyAccessID GEANT AAI Service and the services connected through MyAccessID GEANT AAI Service expect to receive the name of the user.

For example, when a user applies for a new project or for membership membership to an existing project, the managers need to be able to recognise who the applicant is.

sn + givenName

mail

GEANT AAI Service needs to be able to contact the user regarding the status of their account. In addition, many of the services connected through

GEANT AAI Service expect the email of the user in order to be able contact the user about service related matters.

eduPersonScopedAffiliation

Access to many of the services connected through

GEANT AAI Service relies on authorising their member users based on affiliation with their home organisation.

Access to many of the services connected through

GEANT AAI Service relies on authorising users based on their home organisation.