Comment: replaced the wrong, misleading common-lib-terms value

...

Format: <anyUri>@<scope>


<scope>: DNS domain something (could be a domain name) that is associated with the issuing entity in metadata (shibmd:Scope) - not the same scope that we use for eppn

<anyUri>: any valid URI.


Examples:

urn:mace:dir:entitlement:common-lib-terms@terms@hexaa.eduid.hu

urn:geant:niif.hu:hexaa:projectfoo:bar@hexaa.eduid.hu

...

  • can use any URIs in the “local-part”, thus existing eduPersonEntitlement values as well

  • scope can be verified by using existing code in Shibboleth and SimpleSAMLphp. They can also handle multiple occurrences of the delimiter character.
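
The scope check described above, sketched as an added example (this is not Shibboleth or SimpleSAMLphp code, and not part of the original page). It assumes the scope is the text after the last '@', that scopes are literal strings (no regular-expression scopes), and uses a hypothetical issuer entity ID with a constructed `ALLOWED_SCOPES` table standing in for shibmd:Scope metadata.

```python
from urllib.parse import urlsplit

# Constructed sample: literal scopes each issuer may assert, as they would be
# read from shibmd:Scope in that issuer's metadata. The entity ID is hypothetical.
ALLOWED_SCOPES = {"https://idp.example.org/hexaa": {"hexaa.eduid.hu"}}


class ScopedEntitlementError(ValueError):
    """The value is malformed or its scope is not allowed for the issuer."""


def parse_scoped_entitlement(value):
    """Split <anyUri>@<scope> into (uri, scope).

    Assumption of this example: the scope is whatever follows the LAST '@',
    so an '@' inside the URI part stays in the URI.
    """
    uri, sep, scope = value.rpartition("@")
    if not sep or not uri or not scope:
        raise ScopedEntitlementError("expected <anyUri>@<scope>: %r" % value)
    if not urlsplit(uri).scheme:
        raise ScopedEntitlementError("local part is not an absolute URI: %r" % uri)
    return uri, scope.lower()  # scopes compared case-insensitively here


def accept(value, issuer, allowed=ALLOWED_SCOPES):
    """Return (uri, scope) only if the issuer may assert this scope."""
    uri, scope = parse_scoped_entitlement(value)
    if scope not in allowed.get(issuer, set()):
        raise ScopedEntitlementError("scope %r not registered for %s" % (scope, issuer))
    return uri, scope


if __name__ == "__main__":
    idp = "https://idp.example.org/hexaa"
    for v in ("urn:mace:dir:entitlement:common-lib-terms@terms@hexaa.eduid.hu",
              "urn:geant:niif.hu:hexaa:projectfoo:bar@hexaa.eduid.hu",
              "urn:geant:niif.hu:hexaa:projectfoo:bar@other.example",  # constructed
              "projectfoo@hexaa.eduid.hu"):                            # constructed
        try:
            print("accept", accept(v, idp))
        except ScopedEntitlementError as e:
            print("reject", e)
```

A value whose scope is not registered for the asserting issuer is rejected rather than passed on with the scope stripped, so one issuer cannot assert entitlements under another issuer's scope.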


Gotchas:

  • the whole edupersonScopedEntitlement value is NOT a URI, because the position of the ‘@’ delimiter is reserved in RFC 2396

    Note
    RFC 2396 was obsoleted by RFC 3986